33ce3f67c5596cc9c71655693445483a80a4ca8b1a1b23c41ba8eb5a233d362a

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 14:14

Target

249b075ecad5eeb3f2c801696b30f116.dll
Size

33KB
MD5

249b075ecad5eeb3f2c801696b30f116
SHA1

ccd2966059f8723e50594f7c1bf6c288bcea9e75
SHA256

33ce3f67c5596cc9c71655693445483a80a4ca8b1a1b23c41ba8eb5a233d362a
SHA512

18fffd3163cc013b1759063c51cc9917ce3603e3b256032d8a7ee9d6b186d9f1b263e513c7af6585ed27451bf594c2c8db39012821bd907e7bc368abb5e8ad28
SSDEEP

768:U+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:U+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1436	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28
PID 1104 wrote to memory of 1436	1104	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\249b075ecad5eeb3f2c801696b30f116.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\249b075ecad5eeb3f2c801696b30f116.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1436

memory/1436-0-0x0000000000120000-0x000000000012E000-memory.dmp

Filesize
56KB

Download
memory/1436-1-0x0000000074940000-0x00000000749CD000-memory.dmp

Filesize
564KB

Download
memory/1436-2-0x0000000076B20000-0x0000000076C10000-memory.dmp

Filesize
960KB

Download