1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 12:52

Target

1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676.dll
Size

397KB
MD5

b2ba0c4d343c744f2e2e26b000df50bc
SHA1

60a688ec805a6bd3462afb506f8e01657d32cbf4
SHA256

1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676
SHA512

d5a81c15e7dffb5cbbe7105e38e6fe457e3b525191f1f0bb1a9bf126c4477b51bcae815ada3cee0eaa67e2c2134c6f116351a53c83d8df9da9d32ff7c0065c7d
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaP:174g2LDeiPDImOkx2LIaP

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2372	rundll32.exe
Token: SeTcbPrivilege	2372	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16
PID 2188 wrote to memory of 2372	2188	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188