994bee4d324b59e5db8588ce4b3a41b83350d205e48241cce1d4775b292a58f0

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 13:06

Target

994bee4d324b59e5db8588ce4b3a41b83350d205e48241cce1d4775b292a58f0.dll
Size

397KB
MD5

b0f51238922e1cf8a7cec844324ba72d
SHA1

345d507f7a0d1887429001b964acd062efbda9b3
SHA256

994bee4d324b59e5db8588ce4b3a41b83350d205e48241cce1d4775b292a58f0
SHA512

37fa2bce0c32a7786d281faaaf4fa3932fb21e9c9de46168defa24f42d9515ce8c9eee666d9e99d247943c2d0ff109eeca6ab58c530de2a2df4d8c28bc28db76
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOay:174g2LDeiPDImOkx2LIay

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2116	rundll32.exe
Token: SeTcbPrivilege	2116	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28
PID 2144 wrote to memory of 2116	2144	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\994bee4d324b59e5db8588ce4b3a41b83350d205e48241cce1d4775b292a58f0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\994bee4d324b59e5db8588ce4b3a41b83350d205e48241cce1d4775b292a58f0.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2116