73d182712658a78fd26ce255e03dff0dbfaabccf08bb76809c045447f603020d

Analysis

max time kernel
118s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 14:18

Target

73d182712658a78fd26ce255e03dff0dbfaabccf08bb76809c045447f603020d.dll
Size

397KB
MD5

163c85a98b7d39febf32dab17352fbb7
SHA1

1f5c8c8638fade4343bfc03b9f0206eac1bd3e81
SHA256

73d182712658a78fd26ce255e03dff0dbfaabccf08bb76809c045447f603020d
SHA512

b61bb77752b4e2644dbf654d457b4b7d07e64bcd5345a70817ef5994c506b9dd700a866096baa54dea427a9f09cd1df11bc546ff984c68ef83f9499b3ebfb561
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa+:174g2LDeiPDImOkx2LIa+

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1852	rundll32.exe
Token: SeTcbPrivilege	1852	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28
PID 2224 wrote to memory of 1852	2224	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73d182712658a78fd26ce255e03dff0dbfaabccf08bb76809c045447f603020d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\73d182712658a78fd26ce255e03dff0dbfaabccf08bb76809c045447f603020d.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1852