39f4f6a61b2ed4956ba96d61acae784fbf67f1a48b83f1218a1959168323d078

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 04:34

Target

76654e6cb55d459aef4bade9e86c9820.dll
Size

23KB
MD5

76654e6cb55d459aef4bade9e86c9820
SHA1

fe6bfadab101d02890b3f6960526f82ce49b2ee1
SHA256

39f4f6a61b2ed4956ba96d61acae784fbf67f1a48b83f1218a1959168323d078
SHA512

a3c4a97268132ab1c198020ccccf8fa7a303f937f78369888cb347676e65497e3cbe4710601c5f633cb481cb188d952240d80003b6e1901c5039445ec7e389a3
SSDEEP

384:DaGcv+dJrxlI2z8j0INbuLsPMwPq/hc9ZYAbw1cZZqpruc:O1+dhxlI08j0INbuLsPUnAbWcZg5V

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\sperls.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\sperls.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2316	rundll32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2264 wrote to memory of 2316	2264	rundll32.exe	16
PID 2316 wrote to memory of 1196	2316	rundll32.exe	8

memory/1196-2-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download