5674a50d59f56e49b549e94f8da1667c5bed3896a459f5056e91762fb060899b

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 07:52

Target

5674a50d59f56e49b549e94f8da1667c5bed3896a459f5056e91762fb060899b.dll
Size

158KB
MD5

170524569c8624c80a5157d3ad42af8a
SHA1

96039a8572cc7e29f498e93a138c0f7bbdb3f54f
SHA256

5674a50d59f56e49b549e94f8da1667c5bed3896a459f5056e91762fb060899b
SHA512

b66e625f74a48d59e70bf60e80effc89021ac03c63150bfecf39f0791f041a7d7701661fb1557dd8733753ba9bf48b0f23e52d07d42124fd8bfce7666bd5e6db
SSDEEP

3072:Bzk9z4Uh+yQAbAbu7NWtMpebimeN7kgMwP2i/pPeqov:uDTQAbbMbxg7kVwOgeqo

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1888	956	rundll32.exe	27
PID 956 wrote to memory of 1888	956	rundll32.exe	27
PID 956 wrote to memory of 1888	956	rundll32.exe	27
PID 956 wrote to memory of 1888	956	rundll32.exe	27
PID 956 wrote to memory of 1888	956	rundll32.exe	27
PID 956 wrote to memory of 1888	956	rundll32.exe	27
PID 956 wrote to memory of 1888	956	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5674a50d59f56e49b549e94f8da1667c5bed3896a459f5056e91762fb060899b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5674a50d59f56e49b549e94f8da1667c5bed3896a459f5056e91762fb060899b.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1888

memory/1888-55-0x0000000076561000-0x0000000076563000-memory.dmp

Filesize
8KB

Download