9f8fe971d83e5569ab2feada13b90e6243befe3845344ce3225d30aa06481a53

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 19:59

Target

90065869bdc1a3c2bca82036a2110a3c.dll
Size

27KB
MD5

90065869bdc1a3c2bca82036a2110a3c
SHA1

b0644c23167b340f2dd6ec6ec777af12343f5f42
SHA256

9f8fe971d83e5569ab2feada13b90e6243befe3845344ce3225d30aa06481a53
SHA512

b323f06d561666f5dd15718fc3f12a236989ecd079c28a53096d1cb72053a708d163199e927e2cb9f1316bd5c7073a1c343d873a9cac96d39d63d6bfa918d19c
SSDEEP

384:GNRec8Ma7D2RvsNz2/+GWqxEBSh2EYIWOJfDzlL+atRZbOjbUR3R/Bz8ykAPNdAo:h/vfNza+GWoUI2EY2rzs8ZbzBIykSD9

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15
PID 2380 wrote to memory of 2000	2380	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90065869bdc1a3c2bca82036a2110a3c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90065869bdc1a3c2bca82036a2110a3c.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2000

memory/2000-0-0x00000000001F0000-0x00000000001FC000-memory.dmp

Filesize
48KB

Download