c1aa4886e64332097cbb38b945e216b027557a2dd5f870482b5abcd9a45fadea

Analysis

max time kernel
147s
max time network
147s
platform
windows7_x64
resource
win7-20231201-en
resource tags

arch:x64arch:x86image:win7-20231201-enlocale:en-usos:windows7-x64system
submitted
05-12-2023 11:30

Target

c1aa4886e64332097cbb38b945e216b027557a2dd5f870482b5abcd9a45fadea.dll
Size

163KB
MD5

17278c3f4e8bf56d9c1054f67f19b82c
SHA1

116dd7d4698e38f7fe87ce04808148393b7d1b43
SHA256

c1aa4886e64332097cbb38b945e216b027557a2dd5f870482b5abcd9a45fadea
SHA512

f65a81a7393265f249180060ee2cbb89bc2732f2198adb1ac336d33e3b93d9fbc3aae3b4de4789afdc43307e89f6e91dee121960c62390e4fdf343723447a8fc
SSDEEP

3072:ZwIlou75k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9w956frbM:WKN75k1NFf7N1HGXyyN0IIHtTB41w9wD

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2284	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28
PID 2632 wrote to memory of 2284	2632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1aa4886e64332097cbb38b945e216b027557a2dd5f870482b5abcd9a45fadea.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1aa4886e64332097cbb38b945e216b027557a2dd5f870482b5abcd9a45fadea.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2284