5f5308bcbbfa5b1627d8462b686d2566b2813c23d00b851fae774e8836185d71

Analysis

max time kernel
59s
max time network
21s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 04:35

Target

a.exe
Size

19.4MB
MD5

1f7dbf7131aa034ec16445a2f4f7dcd5
SHA1

facdb79816af25d725d8035dc4bf6b52b76a8eb8
SHA256

5f5308bcbbfa5b1627d8462b686d2566b2813c23d00b851fae774e8836185d71
SHA512

82584e74578e2093606b512f07c172d76342b383556d728749d30182afeb807cc43ff6f05c9fada22d556eb4e84afbfeb4f856990a8ebcf099615af1bb7be055
SSDEEP

393216:QiIE7YoPQtstQdq/Kmr2pu0tTtdQJluwF3MnG3oTl5iakBq1eZW3WpRZ5YHw:R7rPQtstqoKmr2puI5dQz3MGY3gZDyQ

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
864	a.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	544	AUDIODG.EXE
Token: 33	544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	544	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 864	2560	a.exe	30
PID 2560 wrote to memory of 864	2560	a.exe	30
PID 2560 wrote to memory of 864	2560	a.exe	30

C:\Users\Admin\AppData\Local\Temp\a.exe
"C:\Users\Admin\AppData\Local\Temp\a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Users\Admin\AppData\Local\Temp\a.exe
  "C:\Users\Admin\AppData\Local\Temp\a.exe"
  2⤵
  - Loads dropped DLL
  PID:864

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:544

C:\Users\Admin\AppData\Local\Temp\_MEI25602\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit