7feb661231a6c41557eab9a11baa4710fa2b3f8428c3063d4055216ffc1d4738

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20/03/2024, 03:19

Target

d7c07f7255f325906995b7037c7f47c7.dll
Size

36KB
MD5

d7c07f7255f325906995b7037c7f47c7
SHA1

a98fc983f2b0bd838202092e3fbfe3588fd06a5a
SHA256

7feb661231a6c41557eab9a11baa4710fa2b3f8428c3063d4055216ffc1d4738
SHA512

d7f7ea93ab4210edb95b6c1d5164a3ccde3936ecdd0e419f0819dc6b58544f716900e6f23c541cc7b225948e6c0151e38232ade2828ef30f812283e9606c5078
SSDEEP

384:s86ta0s1mO09hjBHDMGnUI3CO64f3Zg2OO4PzrjQsH+gGZNEyExVOC:spt1kmr9hjBHnnUof3y2OPP7xH+RZK

Score

5^/10

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\hjk.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\hjk.dll	rundll32.exe
File created	C:\Windows\SysWOW64\gjbhr.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\gjbhr.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Suspicious use of AdjustPrivilegeToken 4 IoCs

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2288 wrote to memory of 2124	2288	rundll32.exe	28
PID 2124 wrote to memory of 1116	2124	rundll32.exe	20
PID 2124 wrote to memory of 1116	2124	rundll32.exe	20
PID 2124 wrote to memory of 1076	2124	rundll32.exe	19
PID 2124 wrote to memory of 1076	2124	rundll32.exe	19

memory/1116-2-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download