12ed6d183cc130f8a7c33418013a05ffbec817a2981e987ef5931e0e9245d7c5

General

Target

12ed6d183cc130f8a7c33418013a05ffbec817a2981e987ef5931e0e9245d7c5.dll
Size

5KB
MD5

d9337ff3c22d2a4258890fd38c5e7d7f
SHA1

6dae55e6a58b612fedb42ebb73a77f9c4b932e27
SHA256

12ed6d183cc130f8a7c33418013a05ffbec817a2981e987ef5931e0e9245d7c5
SHA512

166d9dd0c11cc8d685868e976014938d1abfbb087485324f720b76002e44250309e618622461b6203ea6470dedec62002bea3bda32f4ebf7ef385c78327315ac

Score

8^/10

Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow pid process

5 1628 msiexec.exe
Use of msiexec (install) with remote resource 1 IoCs

Processes:

msiexec.exe

pid process

3456 msiexec.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

rundll32.exe

description pid process target process

PID 2832 set thread context of 3128 2832 rundll32.exe rundll32.exe

flow	pid	process
5	1628	msiexec.exe

pid	process
3456	msiexec.exe

description	pid	process	target process
PID 2832 set thread context of 3128	2832	rundll32.exe	rundll32.exe

Suspicious use of AdjustPrivilegeToken 32 IoCs

Processes:

msiexec.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	3456	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3456	msiexec.exe
Token: SeSecurityPrivilege	1628	msiexec.exe
Token: SeCreateTokenPrivilege	3456	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3456	msiexec.exe
Token: SeLockMemoryPrivilege	3456	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3456	msiexec.exe
Token: SeMachineAccountPrivilege	3456	msiexec.exe
Token: SeTcbPrivilege	3456	msiexec.exe
Token: SeSecurityPrivilege	3456	msiexec.exe
Token: SeTakeOwnershipPrivilege	3456	msiexec.exe
Token: SeLoadDriverPrivilege	3456	msiexec.exe
Token: SeSystemProfilePrivilege	3456	msiexec.exe
Token: SeSystemtimePrivilege	3456	msiexec.exe
Token: SeProfSingleProcessPrivilege	3456	msiexec.exe
Token: SeIncBasePriorityPrivilege	3456	msiexec.exe
Token: SeCreatePagefilePrivilege	3456	msiexec.exe
Token: SeCreatePermanentPrivilege	3456	msiexec.exe
Token: SeBackupPrivilege	3456	msiexec.exe
Token: SeRestorePrivilege	3456	msiexec.exe
Token: SeShutdownPrivilege	3456	msiexec.exe
Token: SeDebugPrivilege	3456	msiexec.exe
Token: SeAuditPrivilege	3456	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3456	msiexec.exe
Token: SeChangeNotifyPrivilege	3456	msiexec.exe
Token: SeRemoteShutdownPrivilege	3456	msiexec.exe
Token: SeUndockPrivilege	3456	msiexec.exe
Token: SeSyncAgentPrivilege	3456	msiexec.exe
Token: SeEnableDelegationPrivilege	3456	msiexec.exe
Token: SeManageVolumePrivilege	3456	msiexec.exe
Token: SeImpersonatePrivilege	3456	msiexec.exe
Token: SeCreateGlobalPrivilege	3456	msiexec.exe

Suspicious use of WriteProcessMemory 10 IoCs

Processes:

rundll32.exerundll32.exerundll32.exe

description	pid	process	target process
PID 2388 wrote to memory of 2832	2388	rundll32.exe	rundll32.exe
PID 2388 wrote to memory of 2832	2388	rundll32.exe	rundll32.exe
PID 2388 wrote to memory of 2832	2388	rundll32.exe	rundll32.exe
PID 2832 wrote to memory of 3128	2832	rundll32.exe	rundll32.exe
PID 2832 wrote to memory of 3128	2832	rundll32.exe	rundll32.exe
PID 2832 wrote to memory of 3128	2832	rundll32.exe	rundll32.exe
PID 2832 wrote to memory of 3128	2832	rundll32.exe	rundll32.exe
PID 3128 wrote to memory of 3456	3128	rundll32.exe	msiexec.exe
PID 3128 wrote to memory of 3456	3128	rundll32.exe	msiexec.exe
PID 3128 wrote to memory of 3456	3128	rundll32.exe	msiexec.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12ed6d183cc130f8a7c33418013a05ffbec817a2981e987ef5931e0e9245d7c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe
3⤵
- Suspicious use of WriteProcessMemory
PID:3128