99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08-01-2024 11:43

Target

99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006.dll
Size

397KB
MD5

26ef138e19431dcdded31b6ba1dd11ab
SHA1

33850bcfabb1746d416bad7c78b75e39b324bae4
SHA256

99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006
SHA512

050e35928cbc99647dd178d5df1c58be78d3e552f0bc6e76761d7678d099160d6c910d767b9837d1c7e94525570cd5f82b191fcf15f0876b1689bbb71a879abd
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaJ:174g2LDeiPDImOkx2LIaJ

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	rundll32.exe
Token: SeTcbPrivilege	2320	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16
PID 1724 wrote to memory of 2320	1724	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99dc1491e2c78fcd61a602c62f12bc0701a943cdd8fb535df80f2c633a835006.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2320