adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3

Analysis

max time kernel
65s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 23:34

Target

adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3.dll
Size

32KB
MD5

bf3d1f6b47b041404a28c4a915193019
SHA1

f66bfd57246acb930eed060cb3830b76bde123d3
SHA256

adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3
SHA512

ffbc2559797ca9479371f1d7cafe6250548d2947610adf6b4a46a6c2199411985e10ec9571d85fb1f90714617cf2ab39f6430cbd21683ee72b782df8178f45eb
SSDEEP

768:upCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZ:ugmv6qZ4QxpP0AtH0J6O

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	360	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28
PID 1500 wrote to memory of 360	1500	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1500
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:360

memory/360-55-0x0000000075151000-0x0000000075153000-memory.dmp

Filesize
8KB

Download