Analysis

- max time kernel: 118s
- max time network: 127s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 30/12/2023, 07:10
Static task: static1 (1 signature)

Behavioral task: behavioral1
- Sample: 11ce8210329e0cb7beccf59092da1226.dll
- Resource: win7-20231215-en
- 4 signatures
- 150 seconds

Behavioral task: behavioral2
- Sample: 11ce8210329e0cb7beccf59092da1226.dll
- Resource: win10v2004-20231215-en
- 5 signatures
- 150 seconds
General

- Target: 11ce8210329e0cb7beccf59092da1226.dll
- Size: 12KB
- MD5: 11ce8210329e0cb7beccf59092da1226
- SHA1: 460db70cb2af705518849f91a52f3c29a9a50579
- SHA256: bd9d9b3e29baa8c4bf055fb2868a197bcfb9363d1407bff9e8651b5f66bb8bd8
- SHA512: 0401d0ce78d5a2648138410cb81107579ef4a11c757d7ae928c5e5116e4f4ef16673e2beb9be0a55912f89b8e25255df38b9e75828826a1af4e066d5a5933b31
- SSDEEP: 192:ghTPKBMRxqMa3PN65UeOjPmCf/oCwJULtFpPoRB8Up26r4jcvTPIgXjlkgUw9Sl:QY0qd3l61wPRrwwvpkxp22TIg+vl
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: LoadsDriver (1 IoC)
  pid   Process
  468   Process not Found

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description             pid   Process
  Token: SeDebugPrivilege 2916  rundll32.exe

- Suspicious use of FindShellTrayWindow (1 IoC)
  pid   Process
  2916  rundll32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  description                       pid   Process       procid_target
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
  PID 2340 wrote to memory of 2916  2340  rundll32.exe  28
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\11ce8210329e0cb7beccf59092da1226.dll,#1
   PID: 2340
   - Suspicious use of WriteProcessMemory

2. C:\Windows\SysWOW64\rundll32.exe (child of 2340)
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\11ce8210329e0cb7beccf59092da1226.dll,#1
   PID: 2916
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of FindShellTrayWindow