0b566eb6f93eef4019744f25065a7b2ca782a802bc89051cb398830cf8d2d58e | Triage

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-09-2024 01:10

Sharing

Report Analysis Logs

General

Target

Source/bobspeak.vbs
Size

131B
MD5

8884a25e47d799f6bd3d4ec20f05a3b7
SHA1

8959822be4ecff5dd7fbdd714cd85775345d39c5
SHA256

5a68437edd63bd826a1f1557121d4c05114c608fd8a18a0c9c156a60d90bd0c1
SHA512

3722494fda291fe85f9276dc656b49fb977eea6403cf3a0b6bfaa77c1ec74a70c2a3012e420129f3c1fd939ef7928d94f0320a128b7087fa8f4f4080ae70973b

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5008	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5008	AUDIODG.EXE

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Source\bobspeak.vbs"
1⤵
PID:4252

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4dc 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_0D1CD757618D49C090120B926F324A1B.dat

Filesize
940B

MD5
8fb5c662ee5c15803a252d6c10710dc7

SHA1
7cf558ffc74598b38fcf7cc5673b65f0674bfb27

SHA256
1eff2767626654362e47cb8bbe01df112c3ec21969d524a534abc71607f0ae40

SHA512
c158fd41af445db9c9827f8ccc12fbe0f7fd196c37bd2e6f9576ac08f7c5c110c1c7d36bf089371e41f8e124fd55e1191dcc36cdbc549a8d6bb6cedccc3ef883

Download Submit