951302ec70ed0ac693aa90b9c9723ecfe97e58ac91ecb83bb2ed3e000006dc5a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:45

Target

02278d182cc8264d57a1349034223c2b.dll
Size

77KB
MD5

02278d182cc8264d57a1349034223c2b
SHA1

a0bd35ef4b64d17c2ae683614b217b5fefda9858
SHA256

951302ec70ed0ac693aa90b9c9723ecfe97e58ac91ecb83bb2ed3e000006dc5a
SHA512

cbad9185b2112e1d2529209b2fdf51f80b74784b6a99c28d1527701928fb32a786f6c03eea6e2552d6d6f2d610374d5f0f25f2a37fe0e0723ef233dde5f1eb52
SSDEEP

1536:DBYyqyQpzJhaEmUFVV9rWmF5j65kzVS41XBt8WLu:VIPbmUFVV9rj52bmv8W

Score

1^/10

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1904	rundll32.exe
Token: SeSecurityPrivilege	1904	rundll32.exe
Token: SeTakeOwnershipPrivilege	1904	rundll32.exe
Token: SeLoadDriverPrivilege	1904	rundll32.exe
Token: SeSystemProfilePrivilege	1904	rundll32.exe
Token: SeSystemtimePrivilege	1904	rundll32.exe
Token: SeProfSingleProcessPrivilege	1904	rundll32.exe
Token: SeIncBasePriorityPrivilege	1904	rundll32.exe
Token: SeCreatePagefilePrivilege	1904	rundll32.exe
Token: SeBackupPrivilege	1904	rundll32.exe
Token: SeRestorePrivilege	1904	rundll32.exe
Token: SeShutdownPrivilege	1904	rundll32.exe
Token: SeDebugPrivilege	1904	rundll32.exe
Token: SeSystemEnvironmentPrivilege	1904	rundll32.exe
Token: SeRemoteShutdownPrivilege	1904	rundll32.exe
Token: SeUndockPrivilege	1904	rundll32.exe
Token: SeManageVolumePrivilege	1904	rundll32.exe
Token: 33	1904	rundll32.exe
Token: 34	1904	rundll32.exe
Token: 35	1904	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14
PID 2532 wrote to memory of 1904	2532	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02278d182cc8264d57a1349034223c2b.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1904

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02278d182cc8264d57a1349034223c2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532

memory/1904-0-0x000000005F050000-0x000000005F051000-memory.dmp

Filesize
4KB

Download
memory/1904-3-0x000000005F090000-0x000000005F091000-memory.dmp

Filesize
4KB

Download
memory/1904-2-0x000000005F080000-0x000000005F081000-memory.dmp

Filesize
4KB

Download
memory/1904-1-0x000000005F050000-0x000000005F051000-memory.dmp

Filesize
4KB

Download