70bba6e748b04c937188f113389a3c90bf30806add70222b920886a57b0bdd98

Analysis

max time kernel
102s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1300fbf843b8fcf8554979a45a3e48ba.exe
Size

18KB
MD5

1300fbf843b8fcf8554979a45a3e48ba
SHA1

a638fa0faf167f80cf60fd4520f12a4197a8c823
SHA256

5beca5742ada639b75e52f51f897e92d12f8b5e4e48d69914d24d8a1d58ab65b
SHA512

52814f9ab25d050270db13e17f3c3ffd8218d489e092b0f0235d5ad9cfd57072b1d994b977cedc8ef10f522a5165e6ac8ef58c8f5a41fa12bbc6e51ce40b53e7
SSDEEP

384:qPbacrkOSc6vBJ58c0cB71MY6i18HVRW7NLthmOTkK6aHv+7:kbc/c6tXpB7WuMjstBT4

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	960	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	960	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 2552	4340	1300fbf843b8fcf8554979a45a3e48ba.exe	90
PID 4340 wrote to memory of 2552	4340	1300fbf843b8fcf8554979a45a3e48ba.exe	90
PID 2552 wrote to memory of 2236	2552	csc.exe	91
PID 2552 wrote to memory of 2236	2552	csc.exe	91

C:\Users\Admin\AppData\Local\Temp\1300fbf843b8fcf8554979a45a3e48ba.exe
"C:\Users\Admin\AppData\Local\Temp\1300fbf843b8fcf8554979a45a3e48ba.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\dfzncold\dfzncold.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES754F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC709991E9D47C4157864CD321ABF676.TMP"
    3⤵
    PID:2236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x248
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0791aed4-223f-4bf7-85bb-4642bd9d2d9e.exe

Filesize
18KB

MD5
56e1b4f9f3a95af5c83283c1cba2d19c

SHA1
c268536e59fee8699fe98dcfe9ad5f735c360aaf

SHA256
b54a77564cceed4d216496962934676941935b087acd0803146c8a6f01882d99

SHA512
786b5c80b3341ffad73049ac299b5969c5969572691da429e96334bb66057b7167bd75920ac0f727e9e04cb679725201e1995a1312a06c760ac0fa2d1cfcf580

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES754F.tmp

Filesize
1KB

MD5
7eee5e4ac4179346bad2e8bdc9e22e36

SHA1
27536fb70e8230a9e6d97d68b50bb9fd6e9f6e31

SHA256
ee9ab03f2bd217dfc8d943c3c2cd6e44f4f0b100ba787465af1585f13c5eca3f

SHA512
1082822dd7ba4247cc205402b36e3b68abc0a59b4daf11fdc722d135f9d0ec4e5e038b1856e5c4f524d76c808218b489bdb1f51c48365a3d83d08c5f45f52631

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC709991E9D47C4157864CD321ABF676.TMP

Filesize
1KB

MD5
ca608451f4b4f66bfde47dd95aa68b21

SHA1
d5321770caad2c4321c5077c080c9109ca98d899

SHA256
4d08a62d21534eb94bd7d1857a418373885848e3dac3071d226498131b9aecda

SHA512
ec2c0d45282d6eddbf131a40cecb328398f15410ac61cdabaecde3d3089158f9c7adaa2ad0d2f9897f7a6716efdc3dc649892cf5d2a017fabce447d980230052

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\dfzncold\dfzncold.0.cs

Filesize
41KB

MD5
a9123c515ac8a680f1ea25fb50bb8113

SHA1
c28576965c6cbe234f1982861e125d0c6e513f48

SHA256
399e5166e79f7c8df9f0f282af270992b9f7b1ab7a7aa58077327310824868bb

SHA512
b22483e402078e8651fba966cffba2543f3e7d478ac87315e74ebb718a413651d2e9a2b980d656177a225f9c31adcddcd76927158c43d3915e2ccc8c6d0c7284

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\dfzncold\dfzncold.cmdline

Filesize
377B

MD5
8b7790988faa1bbc5bd10733d0059a93

SHA1
442932850b16481321b18dcdbdac854a7cb342b1

SHA256
644c914beadbca386214ce7983af1c4c4efb8399df6e921a6265838aff17eace

SHA512
ff7ab37f00d91c00e22476cf1cbf3738cd5efaee127b8bf95ed60217802c7c019e3dc9a0902ad258c5db4bdc5971261e933320c51277f9665dad196a7449d566

Download Submit
memory/4340-1-0x0000000000B70000-0x0000000000B7A000-memory.dmp

Filesize
40KB

Download
memory/4340-0-0x00007FFA875B3000-0x00007FFA875B5000-memory.dmp

Filesize
8KB

Download
memory/4340-3-0x00007FFA875B0000-0x00007FFA88071000-memory.dmp

Filesize
10.8MB

Download
memory/4340-16-0x0000000002E30000-0x0000000002E3A000-memory.dmp

Filesize
40KB

Download
memory/4340-18-0x00007FFA875B0000-0x00007FFA88071000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads