c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 11:32

Target

c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97.dll
Size

397KB
MD5

02c771d4c5b644432ef09559eb7ca12b
SHA1

8a564ca6aaca27bc6141c508e1e5d7b6ef53d280
SHA256

c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97
SHA512

3b84ccf347097d6a6dcfb3905d63da71c7307f034ac5875c4e7eebdff9d2cbb03f5b9016d72040fc0e7bc3f378a0f04b29993f8f4d8ed8c3adb1b374fa828eee
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaw:174g2LDeiPDImOkx2LIaw

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1612	rundll32.exe
Token: SeTcbPrivilege	1612	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28
PID 1620 wrote to memory of 1612	1620	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1612