1e00d75cc9df62b3f23c36351a791ed817703f679a7bee43dcb4f537171f8c07

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 13:00

Target

VirusShare-5f38887e91846362bdf3bc06614db22e.dll
Size

10KB
MD5

5f38887e91846362bdf3bc06614db22e
SHA1

2eb3ac6b06f48dd33988d27edfe58f92b2d358c4
SHA256

1e00d75cc9df62b3f23c36351a791ed817703f679a7bee43dcb4f537171f8c07
SHA512

ff2419e15f7d83b69f1fdb14578f469927744db53fe7baacf28eccd99d432a0c3d24ac8dfeeb0428c9003b9a9d85a6627046a91eda1f9b656a184283b986120b
SSDEEP

192:JN1k2Ks2leCoWU3FaoLkkWktEPsR+lk6crgC0+TluIlCb24jGXfq:D/z2leCoWkFaoMjlkGSTluIXfq

Score

1^/10

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	632	rundll32.exe
Token: SeSecurityPrivilege	632	rundll32.exe
Token: SeTakeOwnershipPrivilege	632	rundll32.exe
Token: SeLoadDriverPrivilege	632	rundll32.exe
Token: SeSystemProfilePrivilege	632	rundll32.exe
Token: SeSystemtimePrivilege	632	rundll32.exe
Token: SeProfSingleProcessPrivilege	632	rundll32.exe
Token: SeIncBasePriorityPrivilege	632	rundll32.exe
Token: SeCreatePagefilePrivilege	632	rundll32.exe
Token: SeBackupPrivilege	632	rundll32.exe
Token: SeRestorePrivilege	632	rundll32.exe
Token: SeShutdownPrivilege	632	rundll32.exe
Token: SeDebugPrivilege	632	rundll32.exe
Token: SeSystemEnvironmentPrivilege	632	rundll32.exe
Token: SeChangeNotifyPrivilege	632	rundll32.exe
Token: SeRemoteShutdownPrivilege	632	rundll32.exe
Token: SeUndockPrivilege	632	rundll32.exe
Token: SeManageVolumePrivilege	632	rundll32.exe
Token: SeImpersonatePrivilege	632	rundll32.exe
Token: SeCreateGlobalPrivilege	632	rundll32.exe
Token: 33	632	rundll32.exe
Token: 34	632	rundll32.exe
Token: 35	632	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 632	2916	rundll32.exe	28
PID 2916 wrote to memory of 632	2916	rundll32.exe	28
PID 2916 wrote to memory of 632	2916	rundll32.exe	28
PID 2916 wrote to memory of 632	2916	rundll32.exe	28
PID 2916 wrote to memory of 632	2916	rundll32.exe	28
PID 2916 wrote to memory of 632	2916	rundll32.exe	28
PID 2916 wrote to memory of 632	2916	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare-5f38887e91846362bdf3bc06614db22e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare-5f38887e91846362bdf3bc06614db22e.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:632

memory/632-0-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/632-1-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download
memory/632-2-0x0000000010000000-0x0000000010006000-memory.dmp

Filesize
24KB

Download