ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 16:47

Target

ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll
Size

10KB
MD5

222f69a1671cd21f7e55e6255c2aa605
SHA1

bd9b89e496ff05f7dd1fb9cf8cf25c78642ae0a8
SHA256

ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a
SHA512

dda2624c50e305b0077c9fe0033c73a64e73cabb0b22e32c8c12e0d0ae7ccb9278ff3718391861665eb6c9f62020f6d2978a8b1fc2f0b18c3f579c7e7106ed07
SSDEEP

192:EaGsVRdStUIhx8EqU4VRLwagAcUrgL0oKbAyFP2JzLNbxbvtpmzhwX:EaDVyUo2EqU+0looaAyF4Rbxjtp9X

Score

1^/10

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1204	rundll32.exe
Token: SeSecurityPrivilege	1204	rundll32.exe
Token: SeTakeOwnershipPrivilege	1204	rundll32.exe
Token: SeLoadDriverPrivilege	1204	rundll32.exe
Token: SeSystemProfilePrivilege	1204	rundll32.exe
Token: SeSystemtimePrivilege	1204	rundll32.exe
Token: SeProfSingleProcessPrivilege	1204	rundll32.exe
Token: SeIncBasePriorityPrivilege	1204	rundll32.exe
Token: SeCreatePagefilePrivilege	1204	rundll32.exe
Token: SeBackupPrivilege	1204	rundll32.exe
Token: SeRestorePrivilege	1204	rundll32.exe
Token: SeShutdownPrivilege	1204	rundll32.exe
Token: SeDebugPrivilege	1204	rundll32.exe
Token: SeSystemEnvironmentPrivilege	1204	rundll32.exe
Token: SeChangeNotifyPrivilege	1204	rundll32.exe
Token: SeRemoteShutdownPrivilege	1204	rundll32.exe
Token: SeUndockPrivilege	1204	rundll32.exe
Token: SeManageVolumePrivilege	1204	rundll32.exe
Token: SeImpersonatePrivilege	1204	rundll32.exe
Token: SeCreateGlobalPrivilege	1204	rundll32.exe
Token: 33	1204	rundll32.exe
Token: 34	1204	rundll32.exe
Token: 35	1204	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28
PID 832 wrote to memory of 1204	832	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddda2c030e3a67f61460cb90f1f71f11c63ed6ccef404325b9ec0f5ad3652b1a.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1204

memory/1204-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1204-56-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/1204-57-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/1204-58-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download