de4bcaab626e69d5c5c7f6e37cf07bc91041e72f0adcabaaca0f6b370bac13c6 | Triage

Analysis

max time kernel
7s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

08848406a6e9f86d5844773a07488e08.dll
Size

28KB
MD5

08848406a6e9f86d5844773a07488e08
SHA1

8d7319d36a63cbce59147bbe3b46b16ee833f5bf
SHA256

de4bcaab626e69d5c5c7f6e37cf07bc91041e72f0adcabaaca0f6b370bac13c6
SHA512

5beaa7603e127d0b9e6ffb95c9b240149c20d41d815a957df2d138bb55b78b8b1b71fafb17d602083d68a1b54b8ed512405451c18f6d7918e750fa89e262676e
SSDEEP

192:XSjvj2nH0tBeDTmAAIJonG4KzJQh/Up+1msKhDAVlDkCda:ijjKHQGSIJG5JAea

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2208	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16
PID 2216 wrote to memory of 2208	2216	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08848406a6e9f86d5844773a07488e08.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\08848406a6e9f86d5844773a07488e08.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads