Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
03/02/2024, 12:44
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.Evo-gen.24577.11332.dll
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.Evo-gen.24577.11332.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
3 signatures
150 seconds
General
-
Target
SecuriteInfo.com.Win32.Evo-gen.24577.11332.dll
-
Size
1.3MB
-
MD5
8bc233d854a4e4b38daf0d15afa46b1c
-
SHA1
38e144b196cfaaafa2bbd835500d947523452200
-
SHA256
b2e081b6b1419a8b651e59d0ce9f1c4058180a5d8ffd41fd28ba93554ac3b088
-
SHA512
5b6f7619843e8cbfc84c6dbbc1a66685f22bf639693140cc8e80ab25aecc5658482ba39d871e6fe545f4849cc41b316b1ddd77f4b02c42fa409d5ce324bb7d6b
-
SSDEEP
24576:XN0Umarzx4rAlBaQMOWv2Yr8NOTlDNr38Xvr:X6FarcGxWjTVN6r
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 35 IoCs
description pid Process Token: 1 1568 rundll32.exe Token: SeCreateTokenPrivilege 1568 rundll32.exe Token: SeAssignPrimaryTokenPrivilege 1568 rundll32.exe Token: SeLockMemoryPrivilege 1568 rundll32.exe Token: SeIncreaseQuotaPrivilege 1568 rundll32.exe Token: SeMachineAccountPrivilege 1568 rundll32.exe Token: SeTcbPrivilege 1568 rundll32.exe Token: SeSecurityPrivilege 1568 rundll32.exe Token: SeTakeOwnershipPrivilege 1568 rundll32.exe Token: SeLoadDriverPrivilege 1568 rundll32.exe Token: SeSystemProfilePrivilege 1568 rundll32.exe Token: SeSystemtimePrivilege 1568 rundll32.exe Token: SeProfSingleProcessPrivilege 1568 rundll32.exe Token: SeIncBasePriorityPrivilege 1568 rundll32.exe Token: SeCreatePagefilePrivilege 1568 rundll32.exe Token: SeCreatePermanentPrivilege 1568 rundll32.exe Token: SeBackupPrivilege 1568 rundll32.exe Token: SeRestorePrivilege 1568 rundll32.exe Token: SeShutdownPrivilege 1568 rundll32.exe Token: SeDebugPrivilege 1568 rundll32.exe Token: SeAuditPrivilege 1568 rundll32.exe Token: SeSystemEnvironmentPrivilege 1568 rundll32.exe Token: SeChangeNotifyPrivilege 1568 rundll32.exe Token: SeRemoteShutdownPrivilege 1568 rundll32.exe Token: SeUndockPrivilege 1568 rundll32.exe Token: SeSyncAgentPrivilege 1568 rundll32.exe Token: SeEnableDelegationPrivilege 1568 rundll32.exe Token: SeManageVolumePrivilege 1568 rundll32.exe Token: SeImpersonatePrivilege 1568 rundll32.exe Token: SeCreateGlobalPrivilege 1568 rundll32.exe Token: 31 1568 rundll32.exe Token: 32 1568 rundll32.exe Token: 33 1568 rundll32.exe Token: 34 1568 rundll32.exe Token: 35 1568 rundll32.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 1568 rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2132 wrote to memory of 1568 2132 rundll32.exe 28 PID 2132 wrote to memory of 1568 2132 rundll32.exe 28 PID 2132 wrote to memory of 1568 2132 rundll32.exe 28 PID 2132 wrote to memory of 1568 2132 rundll32.exe 28 PID 2132 wrote to memory of 1568 2132 rundll32.exe 28 PID 2132 wrote to memory of 1568 2132 rundll32.exe 28 PID 2132 wrote to memory of 1568 2132 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.24577.11332.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2132 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.24577.11332.dll,#12⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1568
-