d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
20/02/2024, 14:36

Target

d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll
Size

397KB
MD5

23c0b8d376cbdbaed347d96f69b34757
SHA1

5d4ad15e6879f6637cfe289c40390c5fb329413b
SHA256

d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362
SHA512

1dbfde8afc2ddca8d5d2e51e7152b1ce9420eec8a6e11566fd0f2915dde944af1536ef2f979fc925601b74e8702a130b12e9c885360d68bad8fe6bcdf60c1d68
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaV:174g2LDeiPDImOkx2LIaV

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3012	rundll32.exe
Token: SeTcbPrivilege	3012	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28
PID 1352 wrote to memory of 3012	1352	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3012