eb5a666f825757209c1e32dd36529859f3bd56910207d7fd3caec06dafd2327f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 12:23

Target

de008ef579be3a7a93bd6cc03445460c.dll
Size

105KB
MD5

de008ef579be3a7a93bd6cc03445460c
SHA1

fbf97c2735e0818edf94015e992c7d99d2d6c8f2
SHA256

eb5a666f825757209c1e32dd36529859f3bd56910207d7fd3caec06dafd2327f
SHA512

0b794772ffcd65b914447d050b08ddf547163cb736621dcae9f85c6b5da3c602bef0e3f58b3b0aa9b74160b55bd53c68f0cb1438866ee517d7be98850bc69f5b
SSDEEP

1536:TyMqm8Qlnfqk5WrG2apFGY4+dkHmBkzI9yluNxGsMsrFSgh9aSxPoixc:+HqnyHy2apFGmdkGXI1ZsrQgh9/Hxc

Score

1^/10

Suspicious use of AdjustPrivilegeToken 18 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3056	rundll32.exe
Token: SeSecurityPrivilege	3056	rundll32.exe
Token: SeTakeOwnershipPrivilege	3056	rundll32.exe
Token: SeLoadDriverPrivilege	3056	rundll32.exe
Token: SeSystemProfilePrivilege	3056	rundll32.exe
Token: SeSystemtimePrivilege	3056	rundll32.exe
Token: SeProfSingleProcessPrivilege	3056	rundll32.exe
Token: SeIncBasePriorityPrivilege	3056	rundll32.exe
Token: SeCreatePagefilePrivilege	3056	rundll32.exe
Token: SeShutdownPrivilege	3056	rundll32.exe
Token: SeDebugPrivilege	3056	rundll32.exe
Token: SeSystemEnvironmentPrivilege	3056	rundll32.exe
Token: SeRemoteShutdownPrivilege	3056	rundll32.exe
Token: SeUndockPrivilege	3056	rundll32.exe
Token: SeManageVolumePrivilege	3056	rundll32.exe
Token: 33	3056	rundll32.exe
Token: 34	3056	rundll32.exe
Token: 35	3056	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28
PID 2372 wrote to memory of 3056	2372	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de008ef579be3a7a93bd6cc03445460c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de008ef579be3a7a93bd6cc03445460c.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3056