Analysis
-
max time kernel
122s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20230831-en -
resource tags
arch:x64 arch:x86 image:win7-20230831-en locale:en-us os:windows7-x64 system -
submitted
08/10/2023, 01:39
Static task
static1
Behavioral task
behavioral1
Sample
d14a39435866dbcecea743f736021baf452ebb4116a67065a74fdddd64d6e762.dll
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
d14a39435866dbcecea743f736021baf452ebb4116a67065a74fdddd64d6e762.dll
Resource
win10v2004-20230915-en
General
-
Target
d14a39435866dbcecea743f736021baf452ebb4116a67065a74fdddd64d6e762.dll
-
Size
2.2MB
-
MD5
330ee6afc38ab31197ad42ff58be6a51
-
SHA1
b2916b80ca54f3127b071f24ca7da4a57501beca
-
SHA256
d14a39435866dbcecea743f736021baf452ebb4116a67065a74fdddd64d6e762
-
SHA512
b5b4323782bb3da9155888ae8099720f861625339f2f429e3ac3931f22baedce97927c698168ae182e035c6fafc5de3f162c8948d05336a4fb29f90e943927e3
-
SSDEEP
24576:o2V1LD6dgegbBCbCGDSRGpjMATV0aeWZnbifISiJGwchf5vjWUZrSr:7/I04nbW/LdzSr
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
description pid Process
Token: 1 1604 rundll32.exe
Token: SeCreateTokenPrivilege 1604 rundll32.exe
Token: SeAssignPrimaryTokenPrivilege 1604 rundll32.exe
Token: SeLockMemoryPrivilege 1604 rundll32.exe
Token: SeIncreaseQuotaPrivilege 1604 rundll32.exe
Token: SeMachineAccountPrivilege 1604 rundll32.exe
Token: SeTcbPrivilege 1604 rundll32.exe
Token: SeSecurityPrivilege 1604 rundll32.exe
Token: SeTakeOwnershipPrivilege 1604 rundll32.exe
Token: SeLoadDriverPrivilege 1604 rundll32.exe
Token: SeSystemProfilePrivilege 1604 rundll32.exe
Token: SeSystemtimePrivilege 1604 rundll32.exe
Token: SeProfSingleProcessPrivilege 1604 rundll32.exe
Token: SeIncBasePriorityPrivilege 1604 rundll32.exe
Token: SeCreatePagefilePrivilege 1604 rundll32.exe
Token: SeCreatePermanentPrivilege 1604 rundll32.exe
Token: SeBackupPrivilege 1604 rundll32.exe
Token: SeRestorePrivilege 1604 rundll32.exe
Token: SeShutdownPrivilege 1604 rundll32.exe
Token: SeDebugPrivilege 1604 rundll32.exe
Token: SeAuditPrivilege 1604 rundll32.exe
Token: SeSystemEnvironmentPrivilege 1604 rundll32.exe
Token: SeChangeNotifyPrivilege 1604 rundll32.exe
Token: SeRemoteShutdownPrivilege 1604 rundll32.exe
Token: SeUndockPrivilege 1604 rundll32.exe
Token: SeSyncAgentPrivilege 1604 rundll32.exe
Token: SeEnableDelegationPrivilege 1604 rundll32.exe
Token: SeManageVolumePrivilege 1604 rundll32.exe
Token: SeImpersonatePrivilege 1604 rundll32.exe
Token: SeCreateGlobalPrivilege 1604 rundll32.exe
Token: 31 1604 rundll32.exe
Token: 32 1604 rundll32.exe
Token: 33 1604 rundll32.exe
Token: 34 1604 rundll32.exe
Token: 35 1604 rundll32.exe
-
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process
1604 rundll32.exe
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
PID 1856 wrote to memory of 1604 1856 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d14a39435866dbcecea743f736021baf452ebb4116a67065a74fdddd64d6e762.dll,#1
- Suspicious use of WriteProcessMemory
PID:1856
-
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d14a39435866dbcecea743f736021baf452ebb4116a67065a74fdddd64d6e762.dll,#1
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:1604
-