5c63933553e1452d634beb2b295333e4db5742e571322d823648d4e5c94b2828

Analysis

max time kernel
102s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f0a89c07b9469213af04a10fe708088.exe
Size

18KB
MD5

7f0a89c07b9469213af04a10fe708088
SHA1

7685d07deda4a01a8f321297e3c80665d583f008
SHA256

b2d8642a5af12e05830c92b8aa92cd7656a7bb9da69ce5f29b6af5bb3b250ad4
SHA512

9258bf8057fb1e8fa5e901f5e08f327ece6b3f903cf3a0d0e9c25377bd58ed0a83b62defdeaac1814c905a9dae9a03e64b3db3233569fd1eb653bf8f9c5f5065
SSDEEP

384:6PTjhUiZtSPbFBwFIcNcxSRcL9IXBUdhmfTkK6aHv+q:66i+Pb9xSRcZwUdQTF

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5784	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5784	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 5476 wrote to memory of 3984	5476	7f0a89c07b9469213af04a10fe708088.exe	89
PID 5476 wrote to memory of 3984	5476	7f0a89c07b9469213af04a10fe708088.exe	89
PID 3984 wrote to memory of 6052	3984	csc.exe	90
PID 3984 wrote to memory of 6052	3984	csc.exe	90

C:\Users\Admin\AppData\Local\Temp\7f0a89c07b9469213af04a10fe708088.exe
"C:\Users\Admin\AppData\Local\Temp\7f0a89c07b9469213af04a10fe708088.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5476
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe
  "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\vv3eicsl\vv3eicsl.cmdline"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3984
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES6503.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCBBE245ACD59C493B98B6DBD14621B94D.TMP"
    3⤵
    PID:6052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x150
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RES6503.tmp

Filesize
1KB

MD5
55c8b63a44ac76c2f347a3fffe5bb8db

SHA1
13ad66708ed616e51037286e02f6d1eade30f9fb

SHA256
29a2b70789d2914c0fc5b0f2dbe236b24526f009e3a6b52ae16bf4f37445375d

SHA512
798e670f94f9bd5bf75bc20669ea2ac7516001f28563c2956218a9ff0188e1f43062f140aeb5b16bf70343ad4cbe7c0b2bdc5bef7f2094b1c042edbab29bc7db

Download Submit
C:\Users\Admin\AppData\Local\Temp\b5825fba-b2d9-49e3-b3d9-353c15f1aae4.exe

Filesize
18KB

MD5
85a7cd2fb0953675c1e7a8c224e86028

SHA1
ea97ccc146d6d026cb7b36575777bef489d1d9cb

SHA256
9aa360212e66b225702d1be2f09265514146500b7483df6dd6d962765ff4261d

SHA512
d5cb2f5059978f2a585c515dada4a6ec720d9fef63dd01aaaa5ad4d9c19c0572c1c88ee90d6a8c85a44fd7c8e2730adc8f6bb69dc123d53328e36cd364bc9be5

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\CSCBBE245ACD59C493B98B6DBD14621B94D.TMP

Filesize
1KB

MD5
984eb8e732e9106f46c73c181dcb8bb3

SHA1
5f0c1feb75c484c3d06e28fabb50c7c27cc58e0a

SHA256
c9c3a6947375a59c77eaf53ab58ddb8ae9b2f6e8babb68fbfa4e831d01da1ee0

SHA512
920b2fddb688795df301114fa6bb12f117af331fd304bd13636cc70a41045451905afee9317e75c58391eb3f230bd50642eb497137b5b1c47c815c424a4be9bf

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vv3eicsl\vv3eicsl.0.cs

Filesize
41KB

MD5
1a4fc3ee22b6c155e7e75f4d074997b2

SHA1
51c6e2928f90299d4aae8ad2bb4888fec9eda138

SHA256
a2be1d157d2563b920977438493c832247872c18e8490c3c5978054cbd12a0f8

SHA512
90b7799e7ea24d3b1bf9942bdbc6c42650ed4dfa4c8503be5c20c08136ad3c5c07807dac52e08647f57d5c94e77eee18b5419caa24ee4435bd0137df6b82d9e6

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\vv3eicsl\vv3eicsl.cmdline

Filesize
377B

MD5
56d4bbcba44eb55508dac8dfb4c69e5b

SHA1
01e4aa54cdc8e9fa3eb23f36a65dfa97c91c04e8

SHA256
cd390cce3a423b74772619402c0ece37c8f022a9c7305dafae6a4c10647c032e

SHA512
c59713fcf77badb22d78fb309e7fb318b143a724d96bcc4c49a03f88adb0e61bcb877ddd828cf841ab2f4fb7c2e3ea14a56de266dc602d270d2bc8ba8a3f8fe4

Download Submit
memory/5476-0-0x0000000000F10000-0x0000000000F1A000-memory.dmp

Filesize
40KB

Download
memory/5476-1-0x00007FFEEDF53000-0x00007FFEEDF55000-memory.dmp

Filesize
8KB

Download
memory/5476-3-0x00007FFEEDF50000-0x00007FFEEEA11000-memory.dmp

Filesize
10.8MB

Download
memory/5476-16-0x0000000001710000-0x000000000171A000-memory.dmp

Filesize
40KB

Download
memory/5476-18-0x00007FFEEDF50000-0x00007FFEEEA11000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads