1f76251ccddc2f7f16e9bdc5a501d4f9441754ca3628171221c856c5bb36d32a

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:06

Target

04066bb756db53a32a5349c82a3be515.dll
Size

5KB
MD5

04066bb756db53a32a5349c82a3be515
SHA1

a1afca46dea9a6e020c91b3dd9b37145f0a70f41
SHA256

1f76251ccddc2f7f16e9bdc5a501d4f9441754ca3628171221c856c5bb36d32a
SHA512

2632ecdf1ffe2c3fe79e0007755cd84e7a21055a95ccf5d37ff477ac463f3c2fcf2f348632952f4039c7a85276240091802f042dbb4c3ec833ea04de14c8b198
SSDEEP

96:WiL76INKoZaiCn5OWkOWMyn0XVQlKJPNd2sh7LyGIO27ji:N2KqTWv0FiKhRXyg27ji

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2092	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28
PID 2028 wrote to memory of 2092	2028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04066bb756db53a32a5349c82a3be515.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04066bb756db53a32a5349c82a3be515.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2092

memory/2092-0-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download