fa068e025ef41f3886e4293e32adb98e9663c494f3e79cee4547005687dfb962

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 10:35

Target

fa068e025ef41f3886e4293e32adb98e9663c494f3e79cee4547005687dfb962.dll
Size

397KB
MD5

473a72205fdaf5f68b1f20f369de2a3f
SHA1

61662c6615afa59ceecffdf1b1f7ab48f57671cf
SHA256

fa068e025ef41f3886e4293e32adb98e9663c494f3e79cee4547005687dfb962
SHA512

ee0a47be718bbabfa163b4badb74dedb4cdd2f7afec0701bce24985cfe29ed82362316e3c7ce9b8ff89772299ee53dfed6902928c53337d4e28daabb654b2963
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaL:174g2LDeiPDImOkx2LIaL

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3000	rundll32.exe
Token: SeTcbPrivilege	3000	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28
PID 2980 wrote to memory of 3000	2980	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa068e025ef41f3886e4293e32adb98e9663c494f3e79cee4547005687dfb962.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa068e025ef41f3886e4293e32adb98e9663c494f3e79cee4547005687dfb962.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3000