031af8f6cf2c432bd60dbfc4814c1f48054e4476268d13ac75fcea0c825a19db

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:31

Target

031af8f6cf2c432bd60dbfc4814c1f48054e4476268d13ac75fcea0c825a19db.dll
Size

397KB
MD5

41c573f37d953f7cf048b074c7b72699
SHA1

d1d749c892c4c189f502acf57d48c68528c25292
SHA256

031af8f6cf2c432bd60dbfc4814c1f48054e4476268d13ac75fcea0c825a19db
SHA512

38fe8d5176fe05be391ff2c0a6813efb592d6df686e0f9d55777d493c28e8c6ec39aa7426395748af92cfac22257fce59f382797194bbd1e8c1407104b41d339
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOag:174g2LDeiPDImOkx2LIag

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1244	rundll32.exe
Token: SeTcbPrivilege	1244	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14
PID 2920 wrote to memory of 1244	2920	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\031af8f6cf2c432bd60dbfc4814c1f48054e4476268d13ac75fcea0c825a19db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920