92e98d4866ace3e920475f54097673c10511b40ab859c0401df6d37f796256b5

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 12:46

Target

92e98d4866ace3e920475f54097673c10511b40ab859c0401df6d37f796256b5.dll
Size

1.1MB
MD5

69a78055bc478db2958267d5d90ac734
SHA1

54bec8e213eec15cb37c1939a9adfeed70f6dd84
SHA256

92e98d4866ace3e920475f54097673c10511b40ab859c0401df6d37f796256b5
SHA512

1c609c998b1e4088b974f84c2a0a407f230fdcb1984d16fe64072cda4d0bfcf231896fdbe70550a5e0373c7a7d44b2353907d9132e0117ec59a67d8d80a41a2b
SSDEEP

24576:1IMe6Y66qP9nYhpo6DpQ638OFksYzDLnkT53yG:1Ip63lWfoIonOVl

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2004	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28
PID 3068 wrote to memory of 2004	3068	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\92e98d4866ace3e920475f54097673c10511b40ab859c0401df6d37f796256b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\92e98d4866ace3e920475f54097673c10511b40ab859c0401df6d37f796256b5.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2004