dcc5a722d758745b0dfbf2d5977012bc6c2b33d94b5769bfe56e475c22c7610f

Analysis

max time kernel
122s
max time network
132s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 10:34

Target

dcc5a722d758745b0dfbf2d5977012bc6c2b33d94b5769bfe56e475c22c7610f.dll
Size

4.5MB
MD5

b4ccd5273a433a0e38db76233d7619e7
SHA1

9109eab13b7a1b5b136c9a3574c0663c34561459
SHA256

dcc5a722d758745b0dfbf2d5977012bc6c2b33d94b5769bfe56e475c22c7610f
SHA512

9cc1e6ce5df8e506160f0335dfe6ede4499fbb976dc708b0ba4d0a0a046e9543f558d414dece2c4c970d47c385a90b55a91a9ad53583607615a00bf4ac12e51b
SSDEEP

98304:rXvtu7u8ElCTENy5O3Tz6iLapRq+16D0esvr9vnhyPhV:rXvtku8ElCTENy5O3TWiepRq+wD0eiF8

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2352	rundll32.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\cemslogtrivial.dll	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTcbPrivilege	2352	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28
PID 1872 wrote to memory of 2352	1872	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcc5a722d758745b0dfbf2d5977012bc6c2b33d94b5769bfe56e475c22c7610f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dcc5a722d758745b0dfbf2d5977012bc6c2b33d94b5769bfe56e475c22c7610f.dll,#1
  2⤵
  - Loads dropped DLL
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  PID:2352

\Windows\SysWOW64\cemslogtrivial.dll

Filesize
744KB

MD5
edcc4763514931cfb463da18b632d34e

SHA1
48e3031074ab5d19b076f497b4e50ba65ab8d4b9

SHA256
fd2a8db95d5fdc624eec821acb428f69c7948c2a706f98d65a7fd517c4e5a0db

SHA512
234e9afd356e73f1b6339273b7ad1f1337b1385cae756310235fcb25b1f04a983f72ba754b948c91a7b765f7fee10a032dc5377bb3bd902bcdec870588607da0

Download Submit