798e6aea076142739a37ff748d9db4ac53d3dc3a9fe7763e7e02e127aa54a74d

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 16:17

Target

b91eea0d44ca3a74c5b1cc4907fcb3d7.dll
Size

30KB
MD5

b91eea0d44ca3a74c5b1cc4907fcb3d7
SHA1

dae863717c364399ccb106f53bdc224f356183b0
SHA256

798e6aea076142739a37ff748d9db4ac53d3dc3a9fe7763e7e02e127aa54a74d
SHA512

21298c6eef0f66057ff4fd5e415e88d47cd65f8461893aba22703b47d763af12b92f957b980438ac69baf82aba8b9efab3fd46f6adcfd1afff6582275c0d5736
SSDEEP

384:xKu76AykdVCXDd6knJYKLPTzcKqZb+gGZMcnjvc4gU:4unykjCTd6wtLP0Kqb+RZm

Score

5^/10

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\hmsdvf.dll	rundll32.exe
File created	C:\Windows\SysWOW64\asfjthj.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\asfjthj.dll	rundll32.exe
File created	C:\Windows\SysWOW64\hmsdvf.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 4 IoCs

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1928 wrote to memory of 1736	1928	rundll32.exe	28
PID 1736 wrote to memory of 1224	1736	rundll32.exe	21
PID 1736 wrote to memory of 1224	1736	rundll32.exe	21
PID 1736 wrote to memory of 296	1736	rundll32.exe	17
PID 1736 wrote to memory of 296	1736	rundll32.exe	17

memory/1224-2-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download