604967a0b6f137bd38d8ba90b117ed61b7fc3be348f5e91ffb96ac8e7158e3a4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:43

Target

604967a0b6f137bd38d8ba90b117ed61b7fc3be348f5e91ffb96ac8e7158e3a4.dll
Size

397KB
MD5

f3cb1f90037d97825e59c34acf733994
SHA1

402e9286446f5872085037930e2be501f683a35f
SHA256

604967a0b6f137bd38d8ba90b117ed61b7fc3be348f5e91ffb96ac8e7158e3a4
SHA512

62d2374d193ba767f36d5cef83297d6a9ded851054aab5a449ccb9e56df301aa2d64218da76770497c7baeea11939eff02672a269b25b54fd00947360ff47776
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaJ:174g2LDeiPDImOkx2LIaJ

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2408	rundll32.exe
Token: SeTcbPrivilege	2408	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28
PID 2372 wrote to memory of 2408	2372	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\604967a0b6f137bd38d8ba90b117ed61b7fc3be348f5e91ffb96ac8e7158e3a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\604967a0b6f137bd38d8ba90b117ed61b7fc3be348f5e91ffb96ac8e7158e3a4.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2408