8934f051912102cd5b674b341b3c76f485d3dabc8fb9d6cbd1cb7f5165196fd2

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 10:54

Target

8934f051912102cd5b674b341b3c76f485d3dabc8fb9d6cbd1cb7f5165196fd2.dll
Size

397KB
MD5

0e177c398406da7122dec9b7f9b3ef79
SHA1

7fc372ee7ad69dde068336cec659a5e089295b90
SHA256

8934f051912102cd5b674b341b3c76f485d3dabc8fb9d6cbd1cb7f5165196fd2
SHA512

93a64fcabaeaeb7dcd39ea6d658b89db2358a5a3fb98b39e24c77e29bb600eededadbcf3d89ff9af655386332616f3e061e5a744e5b5c662d1b70546856df9d9
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa1:174g2LDeiPDImOkx2LIa1

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1752	rundll32.exe
Token: SeTcbPrivilege	1752	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14
PID 1720 wrote to memory of 1752	1720	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8934f051912102cd5b674b341b3c76f485d3dabc8fb9d6cbd1cb7f5165196fd2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720