a83640bd8f5a45654d3b62b1907b25d7ff414c21af65c772564d3c98eac54957

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 13:59

Target

a83640bd8f5a45654d3b62b1907b25d7ff414c21af65c772564d3c98eac54957.dll
Size

397KB
MD5

555272097f74262dd1967571d114640c
SHA1

1515c15d36ed709a2ddb4e49884d7054e04a1abd
SHA256

a83640bd8f5a45654d3b62b1907b25d7ff414c21af65c772564d3c98eac54957
SHA512

d7c1ed900ba0f62cfb201e55316e1998263284cd633c03475aacbb060aa0a7eb1811d0b84df93199f6080f6696f033ff5e8c2b990ed4954c407384ac580db806
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOak:174g2LDeiPDImOkx2LIak

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2428	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2428	rundll32.exe
Token: SeTcbPrivilege	2428	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16
PID 2916 wrote to memory of 2428	2916	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a83640bd8f5a45654d3b62b1907b25d7ff414c21af65c772564d3c98eac54957.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a83640bd8f5a45654d3b62b1907b25d7ff414c21af65c772564d3c98eac54957.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2428