c62738dba2a254b58b63a3392e6dbd677aa0a68b7adfc3c06b55235343fdb1b4

Analysis

max time kernel
47s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
18-09-2022 23:00

Target

c62738dba2a254b58b63a3392e6dbd677aa0a68b7adfc3c06b55235343fdb1b4.dll
Size

22KB
MD5

c2458f9f4160e6172be218b619d29353
SHA1

e51b61e75a10887f00e824e9d3493d71f21f3dd1
SHA256

c62738dba2a254b58b63a3392e6dbd677aa0a68b7adfc3c06b55235343fdb1b4
SHA512

4abb5c336a6c1d6d96fee60d4dbd1422212959b1cc645947d487f05a6257d56276d207c6efa9f1491955602d34c6ca86dbda1a8c576bf09bf72968efce447c1b
SSDEEP

384:2WNhLtujlmm99XKjKhkdRa9Gb4HXgQMht6a9rbrFxk639aXGxh9d:7PLts0g9pgo/HXwht6aJVxk63v

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
464	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1612	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1612	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26
PID 1552 wrote to memory of 1612	1552	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c62738dba2a254b58b63a3392e6dbd677aa0a68b7adfc3c06b55235343fdb1b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c62738dba2a254b58b63a3392e6dbd677aa0a68b7adfc3c06b55235343fdb1b4.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1612

memory/1612-55-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download