b1406bda7cc67a03ecb76500220bfc2199e26f7f76ee7b87fd3b98697b7b5400

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 11:06

Target

b1406bda7cc67a03ecb76500220bfc2199e26f7f76ee7b87fd3b98697b7b5400.dll
Size

397KB
MD5

488bd787f0ced54a7259478a7ff1395d
SHA1

0b80ba44fb791718ee23f013c86f81c934b516a7
SHA256

b1406bda7cc67a03ecb76500220bfc2199e26f7f76ee7b87fd3b98697b7b5400
SHA512

98b02684c84ed58d764e56ec96e12ff7a2051b0b05749024634d500c9c35bdd28210352dc2b160371bebc69ec844bc817ac3652f05f22333c869870e316b0d76
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOat:174g2LDeiPDImOkx2LIat

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2988	rundll32.exe
Token: SeTcbPrivilege	2988	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14
PID 2976 wrote to memory of 2988	2976	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1406bda7cc67a03ecb76500220bfc2199e26f7f76ee7b87fd3b98697b7b5400.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976