650a7c2fb36bf074299e9456fb28b1a9fd017eed26ab1bd23c4a0309f77d83a2

Analysis

max time kernel
122s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 17:48

Target

542d05e1302abb9a231194994777c79f.dll
Size

45KB
MD5

542d05e1302abb9a231194994777c79f
SHA1

c2c37adb46af7314659d43f93de62ec7f6b8b518
SHA256

650a7c2fb36bf074299e9456fb28b1a9fd017eed26ab1bd23c4a0309f77d83a2
SHA512

44f8adb41cc303f8ab0bab4fec73f05502329b9013f6e239b129327d9bb65dc6a9ace23f22854332369202cbb29e8bdfe6e59da24aba65b5d697c392b416f2b3
SSDEEP

768:8bcWFTswBMCDQ1qI0Yr3jM4OjLhT+P/j068K1IMR5MUjta6:8AWOwPsFJ3jMVqPmIIMwS86

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28
PID 2912 wrote to memory of 2368	2912	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\542d05e1302abb9a231194994777c79f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\542d05e1302abb9a231194994777c79f.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2368