af6c40c1ee2a1d3e39b0c28097a56a724adfe1c7e4e71ada96e76d15b3a6a51c

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:39

Target

04a4ccd32dba4f86c79a388ce33cedd9.dll
Size

174KB
MD5

04a4ccd32dba4f86c79a388ce33cedd9
SHA1

222023a46e33704c3a6228ed60b97a946288b1eb
SHA256

af6c40c1ee2a1d3e39b0c28097a56a724adfe1c7e4e71ada96e76d15b3a6a51c
SHA512

1121af8f2220fcf5f506c0fb1b7cc46e12600a81ef651498db781d982456e81932f7ad5d51ba02bba2b054563a9c66a1dfa257b6405671dd0c602ff4e317bdd9
SSDEEP

3072:aZtFth6CziKWOvWx1JslfaY1oqKgqDQy0bJX6AriMtndKMo:SFth6KW1VRqKgqDQy0dqcLtdK

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\mywinsys.ini	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	rundll32.exe
Token: SeDebugPrivilege	1992	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17
PID 1632 wrote to memory of 1992	1632	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04a4ccd32dba4f86c79a388ce33cedd9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04a4ccd32dba4f86c79a388ce33cedd9.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1992

C:\Windows\mywinsys.ini

Filesize
15B

MD5
f76b79ad78d2c7c08e33c53798efd7ab

SHA1
40e3ed279bb7e37b7e37c62ad9b7183f81234ca2

SHA256
3c9fee212611cf3dde2fcc18e09e3811a37c6bc2eb4b542d1006f96601dfa04c

SHA512
7aebfa69e2b70d647f64ed912ca6d5ae881d4df6679cac303c67a69abce98f4ef5d185b0c07efbe5fb67ee9453311f58a3ac50272889f59ba73e3c45ba667647

Download Submit
memory/1992-0-0x00000000001E0000-0x0000000000211000-memory.dmp

Filesize
196KB

Download
memory/1992-28-0x00000000001E0000-0x0000000000211000-memory.dmp

Filesize
196KB

Download
memory/1992-39-0x00000000001E0000-0x0000000000211000-memory.dmp

Filesize
196KB

Download