b9cae0739fc6daee051551b3e1dfabd39db41c2996f3a905254a71def555ba36

Analysis

max time kernel
103s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

603d00b49e0ee1b9c5022174ab248b6c.exe
Size

18KB
MD5

603d00b49e0ee1b9c5022174ab248b6c
SHA1

fd93a10b32cced522ca6274f781066a9fab8af17
SHA256

8d19be51751f0c459874ae1dc1be93fb7e667bc916f5b11eeb67943b479cb0e9
SHA512

226f971bb04ba4f0548ad207a308567a5dc7ee1aea5ff933e020e457c38e53a7c8c899e8cd036060c4f1aca7e157c6d076c22422f318cd626b323e558e57f865
SSDEEP

384:6d+cgTYymL0Tybt/yLp3Ejf0TgShmWTkK6aHv+P:qpxwTyBcEjylTA

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	696	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	696	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 5304	1840	603d00b49e0ee1b9c5022174ab248b6c.exe	88
PID 1840 wrote to memory of 5304	1840	603d00b49e0ee1b9c5022174ab248b6c.exe	88
PID 5304 wrote to memory of 4124	5304	csc.exe	90
PID 5304 wrote to memory of 4124	5304	csc.exe	90

C:\Users\Admin\AppData\Local\Temp\603d00b49e0ee1b9c5022174ab248b6c.exe
"C:\Users\Admin\AppData\Local\Temp\603d00b49e0ee1b9c5022174ab248b6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ltll1wep\ltll1wep.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5304
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8B48.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCCD60728D74E34266ACF953DECDA5B73E.TMP"
    3⤵
    PID:4124

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c0 0x41c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\835092e4-5135-4163-a8d7-ded995366a31.exe

Filesize
18KB

MD5
772f72d208ca51add2fe94766e39c7fe

SHA1
2c6ac4b8469c1848e8374d5a31b6952b435a40e7

SHA256
4f7f4a1be19dd6d08f42499fc561c554d3e3592bffc9bb7647664d1d7b82fe5e

SHA512
6eaccfefb197ef81049c62368be8774a0e2f268551f281ad5851b038d102a81cffa2d9a51fa5d22c7eb0eb23f0de73b527b171bf171a2ee2a28e3bdaa6f436aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES8B48.tmp

Filesize
1KB

MD5
9496c256b3b774ccc8fa4184ff3e3833

SHA1
abe0ec30ab8ccddbe6b14bb369f95b2fa6c1df59

SHA256
d89e999c110920a3dc616991bb2f652a53580b4f75008a7c662c874a1dcd46ad

SHA512
1035644052cd30b58e22f02880c5ad0a31b6be64c5392d6d02d63ba6db85e5d7742b8aae5d94920c2168c09848c6c425492570328e911fe7b232cf5ed9610ea8

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCCD60728D74E34266ACF953DECDA5B73E.TMP

Filesize
1KB

MD5
d040de772d589ce5d8c32bcb758d78d2

SHA1
4200fbbeb18180e63c5c018f3114982d0c09e998

SHA256
df35820bfab57b306f63164d8666151cefa40cbb4ef78ae7d3d4c75dc6e0dbb8

SHA512
3cc52b7ed99d43ac29831a5fc3d6e6eec940e0036794f4f9520c0e4ed51ba9be9385bc3bcfb9522edcb8e953551819a1f753a0f58f29b9a8457e1bf6e68edd92

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ltll1wep\ltll1wep.0.cs

Filesize
41KB

MD5
79572619cc5db12592928dd18c889f4f

SHA1
24fb2dd825e4d96af8d9d06df8ca1516e56f6e17

SHA256
c77b80bd40d43091e85485467131f91f7e64be07b53bb9c915ed67e559bfa6fb

SHA512
aa1669650db217c8134932594300220a3b135616eec2b9b18d9754297588f0501cecb599ddfa98096dc15ae28a56892ece001f78b5893c5a3730663e909e537f

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\ltll1wep\ltll1wep.cmdline

Filesize
377B

MD5
de611f0bb91045befc23ce45dabc5bd9

SHA1
76ddea1b40edf7e47192a8b35edf856cdc6dedf0

SHA256
20193231e1237ca8700177e3a8c68b213e6216257738b0580f670d6a061afe79

SHA512
b0028f740983af36a9dbcd63df7554ab8c0d542b9e1c155748a8eb444d938fcde9e6cc9fedab0a147ca50e81567c21e1db2b507787c715e196242f232c72d3bc

Download Submit
memory/1840-0-0x00007FFEE6003000-0x00007FFEE6005000-memory.dmp

Filesize
8KB

Download
memory/1840-1-0x0000000000720000-0x000000000072A000-memory.dmp

Filesize
40KB

Download
memory/1840-3-0x00007FFEE6000000-0x00007FFEE6AC1000-memory.dmp

Filesize
10.8MB

Download
memory/1840-16-0x0000000000F10000-0x0000000000F1A000-memory.dmp

Filesize
40KB

Download
memory/1840-18-0x00007FFEE6000000-0x00007FFEE6AC1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads