4eb8eeb784b0fe557bba49220f75240ad6719edd905240897b56efc100f23fc7

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 19:57

Target

4eb8eeb784b0fe557bba49220f75240ad6719edd905240897b56efc100f23fc7.dll
Size

397KB
MD5

e48e05ae5173839617827d2e200bbd48
SHA1

75c8a425dd696da621c26eb1ca15dcef79726e20
SHA256

4eb8eeb784b0fe557bba49220f75240ad6719edd905240897b56efc100f23fc7
SHA512

eb886e44a1528656902c9e63523bab018965b357d76083c9b358444f11488daf26362ed30d3c70874ba0d0209c60a640b355c3dc05fb405c4699822a718175ba
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa4:174g2LDeiPDImOkx2LIa4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2104	rundll32.exe
Token: SeTcbPrivilege	2104	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28
PID 2100 wrote to memory of 2104	2100	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4eb8eeb784b0fe557bba49220f75240ad6719edd905240897b56efc100f23fc7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4eb8eeb784b0fe557bba49220f75240ad6719edd905240897b56efc100f23fc7.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2104