aff3e08b50336ce6a1cfe39c45d32d918dc6f190662aef666addb193f44d47a8

Analysis

max time kernel
102s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76c8afc286159014532e7a6a66114eeb.exe
Size

18KB
MD5

76c8afc286159014532e7a6a66114eeb
SHA1

1734c6e854189262fa527b79c7e9c766f83643c6
SHA256

a3e07362695d2d682d335504a20078daa14d31b4b3388f4f357cbc0df4114fee
SHA512

501e0fe5c024a8155616c3bdb5925e764f7065778b7dc9303d1e7858948c4404d8db236a76f9bba0c85104c1454f3aa8caf7928bed093c454dcc666a7f0d63fd
SSDEEP

384:1xJJ5sC/dMKASq7RZrEhglO2x4hmETkK6aHv+O:1xJJlrAZR1Ehglhx4TTp

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	320	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 6040 wrote to memory of 4764	6040	76c8afc286159014532e7a6a66114eeb.exe	88
PID 6040 wrote to memory of 4764	6040	76c8afc286159014532e7a6a66114eeb.exe	88
PID 4764 wrote to memory of 4696	4764	csc.exe	106
PID 4764 wrote to memory of 4696	4764	csc.exe	106

C:\Users\Admin\AppData\Local\Temp\76c8afc286159014532e7a6a66114eeb.exe
"C:\Users\Admin\AppData\Local\Temp\76c8afc286159014532e7a6a66114eeb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:6040
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\1zlf022c\1zlf022c.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4764
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6A91.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC29BEAD06543D4FF792F587A024CEC172.TMP"
    3⤵
    PID:4696

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:320

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
1⤵
PID:4696

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\261c71da-ac85-43ac-b157-b4d159215c07.exe

Filesize
18KB

MD5
2df0abb86b671164fafd0432431aada1

SHA1
e389c066ac2112b0c98e8347afe2bb0c32907cb6

SHA256
751d83bef832a86a9343a3b7873ca12cbc05f40567ac93fc3efe08d506306782

SHA512
d68403e1ee81f4f8707c9ad465afb1196007353bcaed8f4f608b1ef411274006959e42bc2dc48b3b696849ae2366d5b973b6bd72a7b571d8a816bdc5f8233194

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES6A91.tmp

Filesize
1KB

MD5
09f7af42ae8131a6dc31c14cbed5bf6c

SHA1
5eeff6d7fa960fe042e9846bde971867d99a564e

SHA256
fa413e91fc2453352d5b8277892e20abe5404c09d7ae505be94f916c7d868b5d

SHA512
e50206aabb6e9c4aac80ffdc7ae9e37d4d01fe4f5b782c9dd4a42156d6165609e09c8323344ea1132813aad79368d65ac372be328b0f09c35ec3163941ba9805

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1zlf022c\1zlf022c.0.cs

Filesize
41KB

MD5
c63ed54bc7630e963301cbc443b208b4

SHA1
4a84108749949cdfd34ac3946d323865ad20e96b

SHA256
da3c17ee4ead312eaaa45c87de5a9af7249563f900cc0056d0902b0b59fb7b98

SHA512
8be78e99314b8b3cc53947c9304513429c61e0afa36e2d49c46aae80b468cfd6254fb9fa735877fce846037c9be36211b891bfaed7ba5d3d488b9e26b6b430bb

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\1zlf022c\1zlf022c.cmdline

Filesize
377B

MD5
22272eb361e195d89f39552e1c99e303

SHA1
c422c651819830789dd2270260d0301bb524efab

SHA256
aaa8cd7a654fdf322ecdd0d9bfb9f09f0866ed4731139411ff4fd51e0c399dff

SHA512
e4b108475d30baeb1b8b1e116a0f847c61644cb3c2496a2c36e8de651776687a259f437b442b5f22ed415b1782ae4c6211623c40cd252a40aa8632d33495d552

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSC29BEAD06543D4FF792F587A024CEC172.TMP

Filesize
1KB

MD5
f919f2cfc364cc534ae9b8dceeebc742

SHA1
36eee7272671437c635f82643bc7b5478d79908d

SHA256
6540ef8330e130c8b71932f7e638a1c65ab8a36769694149791ae9029de509ad

SHA512
a008d6b456e100e84a0718c44271feb9aed9749a936fd52ef4bd27f986b7ab15851403a06ce8eb244b4a6458819a65d05f27c8453f349aa2aa93ceec926c3439

Download Submit
memory/6040-0-0x00007FFAB5BF3000-0x00007FFAB5BF5000-memory.dmp

Filesize
8KB

Download
memory/6040-1-0x00000000008B0000-0x00000000008BA000-memory.dmp

Filesize
40KB

Download
memory/6040-3-0x00007FFAB5BF0000-0x00007FFAB66B1000-memory.dmp

Filesize
10.8MB

Download
memory/6040-16-0x0000000002960000-0x000000000296A000-memory.dmp

Filesize
40KB

Download
memory/6040-18-0x00007FFAB5BF3000-0x00007FFAB5BF5000-memory.dmp

Filesize
8KB

Download
memory/6040-19-0x00007FFAB5BF0000-0x00007FFAB66B1000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads