04edb707b27632711b78f98fe66b3f9a78de04624e4f65e551035c0a193dbc3d

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 07:42

Target

64d94bce7281dfe6fb97939c6651fce3.dll
Size

300KB
MD5

64d94bce7281dfe6fb97939c6651fce3
SHA1

515db6800d549a709d38968504f8850d164993fd
SHA256

04edb707b27632711b78f98fe66b3f9a78de04624e4f65e551035c0a193dbc3d
SHA512

88df482565d31f94bae29565f969db6f0f21ee8352c573bef26b227352785b0de17a9e78ada30b303ee85db37c9fb7e3a5267a1c46264c411f07d1705d80caa9
SSDEEP

6144:uA2iBzok8ag9cMDXexovX+Wo22HbbfTcnmWG0EM8ZCzERln:uAHGk8T9cMDXexoPdovHbbfomWG0usw9

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gmjgty.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\gmjgty.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	rundll32.exe
Token: SeDebugPrivilege	3012	rundll32.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 2816 wrote to memory of 3012	2816	rundll32.exe	16
PID 3012 wrote to memory of 1376	3012	rundll32.exe	6
PID 3012 wrote to memory of 1376	3012	rundll32.exe	6

memory/1376-2-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download