c86d86d064e0f862c3c1e0de3ea9df2eb97281176ebbe5dece5acfac5328b7e6

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 06:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c86d86d064e0f862c3c1e0de3ea9df2eb97281176ebbe5dece5acfac5328b7e6.dll
Size

254KB
MD5

616091edd373093204ed61bb198359ec
SHA1

413aaaaed39f57888822ae005e2d4a882c62aa10
SHA256

c86d86d064e0f862c3c1e0de3ea9df2eb97281176ebbe5dece5acfac5328b7e6
SHA512

c49468d365246f2fc1a5e45e21eab9f7715a3bda5f2d1029265196b7c88a760b184ddec204ec54f2b17be376ba9a3fe7cc9e98cd56ef6ff0b35fb5891765c85d
SSDEEP

6144:XHXfaIohF43CVE7px3vxEDkChsPK5NK2O6jy7A:n6FZVUppSxhQ6

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2148	wmic.exe
Token: SeSecurityPrivilege	2148	wmic.exe
Token: SeTakeOwnershipPrivilege	2148	wmic.exe
Token: SeLoadDriverPrivilege	2148	wmic.exe
Token: SeSystemProfilePrivilege	2148	wmic.exe
Token: SeSystemtimePrivilege	2148	wmic.exe
Token: SeProfSingleProcessPrivilege	2148	wmic.exe
Token: SeIncBasePriorityPrivilege	2148	wmic.exe
Token: SeCreatePagefilePrivilege	2148	wmic.exe
Token: SeBackupPrivilege	2148	wmic.exe
Token: SeRestorePrivilege	2148	wmic.exe
Token: SeShutdownPrivilege	2148	wmic.exe
Token: SeDebugPrivilege	2148	wmic.exe
Token: SeSystemEnvironmentPrivilege	2148	wmic.exe
Token: SeRemoteShutdownPrivilege	2148	wmic.exe
Token: SeUndockPrivilege	2148	wmic.exe
Token: SeManageVolumePrivilege	2148	wmic.exe
Token: 33	2148	wmic.exe
Token: 34	2148	wmic.exe
Token: 35	2148	wmic.exe
Token: SeIncreaseQuotaPrivilege	2148	wmic.exe
Token: SeSecurityPrivilege	2148	wmic.exe
Token: SeTakeOwnershipPrivilege	2148	wmic.exe
Token: SeLoadDriverPrivilege	2148	wmic.exe
Token: SeSystemProfilePrivilege	2148	wmic.exe
Token: SeSystemtimePrivilege	2148	wmic.exe
Token: SeProfSingleProcessPrivilege	2148	wmic.exe
Token: SeIncBasePriorityPrivilege	2148	wmic.exe
Token: SeCreatePagefilePrivilege	2148	wmic.exe
Token: SeBackupPrivilege	2148	wmic.exe
Token: SeRestorePrivilege	2148	wmic.exe
Token: SeShutdownPrivilege	2148	wmic.exe
Token: SeDebugPrivilege	2148	wmic.exe
Token: SeSystemEnvironmentPrivilege	2148	wmic.exe
Token: SeRemoteShutdownPrivilege	2148	wmic.exe
Token: SeUndockPrivilege	2148	wmic.exe
Token: SeManageVolumePrivilege	2148	wmic.exe
Token: 33	2148	wmic.exe
Token: 34	2148	wmic.exe
Token: 35	2148	wmic.exe
Token: SeIncreaseQuotaPrivilege	2576	wmic.exe
Token: SeSecurityPrivilege	2576	wmic.exe
Token: SeTakeOwnershipPrivilege	2576	wmic.exe
Token: SeLoadDriverPrivilege	2576	wmic.exe
Token: SeSystemProfilePrivilege	2576	wmic.exe
Token: SeSystemtimePrivilege	2576	wmic.exe
Token: SeProfSingleProcessPrivilege	2576	wmic.exe
Token: SeIncBasePriorityPrivilege	2576	wmic.exe
Token: SeCreatePagefilePrivilege	2576	wmic.exe
Token: SeBackupPrivilege	2576	wmic.exe
Token: SeRestorePrivilege	2576	wmic.exe
Token: SeShutdownPrivilege	2576	wmic.exe
Token: SeDebugPrivilege	2576	wmic.exe
Token: SeSystemEnvironmentPrivilege	2576	wmic.exe
Token: SeRemoteShutdownPrivilege	2576	wmic.exe
Token: SeUndockPrivilege	2576	wmic.exe
Token: SeManageVolumePrivilege	2576	wmic.exe
Token: 33	2576	wmic.exe
Token: 34	2576	wmic.exe
Token: 35	2576	wmic.exe
Token: SeIncreaseQuotaPrivilege	2576	wmic.exe
Token: SeSecurityPrivilege	2576	wmic.exe
Token: SeTakeOwnershipPrivilege	2576	wmic.exe
Token: SeLoadDriverPrivilege	2576	wmic.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2148	2352	rundll32.exe	28
PID 2352 wrote to memory of 2148	2352	rundll32.exe	28
PID 2352 wrote to memory of 2148	2352	rundll32.exe	28
PID 2352 wrote to memory of 2576	2352	rundll32.exe	31
PID 2352 wrote to memory of 2576	2352	rundll32.exe	31
PID 2352 wrote to memory of 2576	2352	rundll32.exe	31
PID 2352 wrote to memory of 2744	2352	rundll32.exe	33
PID 2352 wrote to memory of 2744	2352	rundll32.exe	33
PID 2352 wrote to memory of 2744	2352	rundll32.exe	33
PID 2352 wrote to memory of 2640	2352	rundll32.exe	35
PID 2352 wrote to memory of 2640	2352	rundll32.exe	35
PID 2352 wrote to memory of 2640	2352	rundll32.exe	35
PID 2352 wrote to memory of 2492	2352	rundll32.exe	37
PID 2352 wrote to memory of 2492	2352	rundll32.exe	37
PID 2352 wrote to memory of 2492	2352	rundll32.exe	37
PID 2352 wrote to memory of 2512	2352	rundll32.exe	39
PID 2352 wrote to memory of 2512	2352	rundll32.exe	39
PID 2352 wrote to memory of 2512	2352	rundll32.exe	39

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c86d86d064e0f862c3c1e0de3ea9df2eb97281176ebbe5dece5acfac5328b7e6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\system32\wbem\wmic.exe
  C:\Windows\system32\wbem\wmic.exe CPU get SerialNumber /value
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2148
- C:\Windows\system32\wbem\wmic.exe
  C:\Windows\system32\wbem\wmic.exe CPU get ProcessorID /value
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2576
- C:\Windows\system32\wbem\wmic.exe
  C:\Windows\system32\wbem\wmic.exe BASEBOARD get SerialNumber /value
  2⤵
  PID:2744
- C:\Windows\system32\wbem\wmic.exe
  C:\Windows\system32\wbem\wmic.exe BIOS get SerialNumber /value
  2⤵
  PID:2640
- C:\Windows\system32\wbem\wmic.exe
  C:\Windows\system32\wbem\wmic.exe DISKDRIVE where index=0 get SerialNumber /value
  2⤵
  PID:2492
- C:\Windows\system32\wbem\wmic.exe
  C:\Windows\system32\wbem\wmic.exe NIC where 'PhysicalAdapter=TRUE AND NOT Name like "%Virtual%"' get MacAddress /value
  2⤵
  PID:2512

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads