e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9

Analysis

max time kernel
119s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-01-2024 07:43

Target

e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9.dll
Size

397KB
MD5

22ab7848fa43352bee2f2a6b606df162
SHA1

99f15bf13c8c30fcdda0e3a0da9bf94c1c4dac3d
SHA256

e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9
SHA512

ab025c7813556fdb174de462ed42ffa21e534fb436cf454591628a08fdd6c7b1f3e4825c5a9220604ea1b062be135a41e64a6125837e80414a2367ce51c9c28c
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaG:174g2LDeiPDImOkx2LIaG

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1740	rundll32.exe
Token: SeTcbPrivilege	1740	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17
PID 1636 wrote to memory of 1740	1636	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636