a7a6c5aae1c544654acd46d0cdcc4c0593085275e49218287795ce68ef1f8973

Analysis

max time kernel
122s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 12:13

Target

a7a6c5aae1c544654acd46d0cdcc4c0593085275e49218287795ce68ef1f8973.dll
Size

397KB
MD5

caa5dea108a377015bd1d543ecbfecdc
SHA1

95c9c78d30d79382bb2b303d0bf032333728c29d
SHA256

a7a6c5aae1c544654acd46d0cdcc4c0593085275e49218287795ce68ef1f8973
SHA512

190186dbc199de2f00aec9d236f718da619df6a2b86a8f8c9f731d3ec439c7923d3169bd4610f074edf49b273871af91e70803f66d7075e17516abb1dea3c731
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa9:174g2LDeiPDImOkx2LIa9

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2164	rundll32.exe
Token: SeTcbPrivilege	2164	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16
PID 2920 wrote to memory of 2164	2920	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7a6c5aae1c544654acd46d0cdcc4c0593085275e49218287795ce68ef1f8973.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a7a6c5aae1c544654acd46d0cdcc4c0593085275e49218287795ce68ef1f8973.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2164