eb776ff7590a153f5d2ef20432f4ed3578341d41781b28aa3d90575a2caf5adf

Analysis

max time kernel
37s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 06:10

Target

eb776ff7590a153f5d2ef20432f4ed3578341d41781b28aa3d90575a2caf5adf.dll
Size

1009KB
MD5

9d33d87768c6b2116439b6b971120960
SHA1

49e330ce398672f5f9db3c82291e4fb00fc6035a
SHA256

eb776ff7590a153f5d2ef20432f4ed3578341d41781b28aa3d90575a2caf5adf
SHA512

f01f1135bc445db2a6218165ef9c049ab82b372a52cbe87c7bc102d5194bb0ae221f47062d64386ce1aefcca69345a36a0456a26f327c7785c427c1e284a65ee
SSDEEP

6144:7YAoZe2Pq+my/eyjU4fQYq//t8oXk/a4fJPcu6l8ohteJqBcNOER7bWGug/ozff+:7Y9ZvcygMQYq/1KBEjSohty1yZq

Score

1^/10

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2004	rundll32.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26
PID 1608 wrote to memory of 2004	1608	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb776ff7590a153f5d2ef20432f4ed3578341d41781b28aa3d90575a2caf5adf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1608
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eb776ff7590a153f5d2ef20432f4ed3578341d41781b28aa3d90575a2caf5adf.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2004

memory/2004-55-0x0000000075A91000-0x0000000075A93000-memory.dmp

Filesize
8KB

Download