121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/09/2023, 08:24

Target

121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0.dll
Size

211KB
MD5

a4b5578d72ba8b61910fce95d02e4f65
SHA1

f43d259de0fad44cb1fc0a07360c1f1d300290d9
SHA256

121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0
SHA512

f8e9e1dfdbb88926fa0c6947b323d65fcdad4ebd9f26cff88dd9858687225cca66ddc1557d466d1df5de7e4252ad4c6f7a511debdff4b123acdd01620322842a
SSDEEP

3072:S3LSfHbyKITqDYWDrCppCfWSVzvFYuNU+0RwCM4yXS8TFajhqROGq5dzu+fJtjuY:yOby3usWC89rfVXjRKhNGq57RZNnO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2192	rundll32.exe
Token: SeTcbPrivilege	2192	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\121533298a948f9f218859556a725979a56a38ddf381a53160804b5f571af8d0.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2192