03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 11:41

Target

03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll
Size

397KB
MD5

d7af76201066a059719e1103fbbe4805
SHA1

aac00a2e37a4460b4ff392a702238712b550e279
SHA256

03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9
SHA512

5e3d17ebd344a7f3261fe9441a97fb7f78ae15d45425539dc50f42de42c456581a7c64d29c6db449e6cfce78fec250f0fbe47b7a69aa5caea1cedbdd3f344b42
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaQ:174g2LDeiPDImOkx2LIaQ

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2372	rundll32.exe
Token: SeTcbPrivilege	2372	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28
PID 2184 wrote to memory of 2372	2184	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2372