2f58a869711d2b28e6ecaac25cc2166daa46f7adfb719b7dd334e01c1474ca9b

Analysis

Target

2f58a869711d2b28e6ecaac25cc2166daa46f7adfb719b7dd334e01c1474ca9b.dll
Size

160KB
MD5

f782fa626b0c53d9cca2fbb29a65f23f
SHA1

9fabc6c255ea94262b6339e4b5949174afd30114
SHA256

2f58a869711d2b28e6ecaac25cc2166daa46f7adfb719b7dd334e01c1474ca9b
SHA512

2d023aa899d5025631534489c6a13de071113f36ae2ab32d53c833c749d262019f3c3bd7961f2da12753e389bab92f4bda429662dec77552a13c825258af9e18

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1244	2772	WerFault.exe	69

Suspicious behavior: EnumeratesProcesses 14 IoCs

Suspicious use of AdjustPrivilegeToken 3 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 2772	1456	rundll32.exe	69
PID 1456 wrote to memory of 2772	1456	rundll32.exe	69
PID 1456 wrote to memory of 2772	1456	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f58a869711d2b28e6ecaac25cc2166daa46f7adfb719b7dd334e01c1474ca9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f58a869711d2b28e6ecaac25cc2166daa46f7adfb719b7dd334e01c1474ca9b.dll,#1
  2⤵
  PID:2772
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 616
    3⤵
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1244