4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 16:05

Target

4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4.dll
Size

397KB
MD5

c5377a79dc7f14d35547182973702659
SHA1

28bab7f57d22492a05a8ce434134bf597b0c2ab8
SHA256

4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4
SHA512

5089f9983ae2ef8a59f783cd92c68a72067e94d5de57cd573f7958d66985b89bde56b2a8f1d44d37e733602e68fc986a1dd4f016065c0242d094a54edf9843c9
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaT:174g2LDeiPDImOkx2LIaT

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2784	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2784	rundll32.exe
Token: SeTcbPrivilege	2784	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28
PID 2132 wrote to memory of 2784	2132	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2784