Analysis
- max time kernel: 148s
- max time network: 147s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 18-04-2024 02:23
Behavioral task: behavioral1
- Sample: 014960b00621ead2d2267bad617a74e9.dll
- Resource: win7-20240221-en, windows7-x64
- 2 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: 014960b00621ead2d2267bad617a74e9.dll
- Resource: win10v2004-20240412-en, windows10-2004-x64
- 2 signatures
- 150 seconds
General
- Target: 014960b00621ead2d2267bad617a74e9.dll
- Size: 152KB
- MD5: 014960b00621ead2d2267bad617a74e9
- SHA1: 640534106af63ee5cff7718aee5c459ee5cd609f
- SHA256: 69cbdb401d6c03f3d64b3bf48d527cb4bf507952f34b170a3d020707fc4ff7be
- SHA512: 23c05ab73f21fd99abc965afbfd4f583b176fa345cdefe45c087cd53f355a735f7001f7c86ddc880bdd4642de7dd93b530687c4193c03d3eb0832d8e973cbdf3
- SSDEEP: 3072:ZwIlou75k4WvRcdqFfn7N1HGXyyf/dBWrr4IHtTBf9av9w956frb:WKN75k1NFf7N1HGXyyN0IIHtTB41w9wD
Score: 1/10
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: rundll32.exe
  description                 pid    Process
  Token: SeDebugPrivilege     1672   rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description                         pid    Process         procid_target
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
  PID 2220 wrote to memory of 1672    2220   rundll32.exe    28
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\014960b00621ead2d2267bad617a74e9.dll,#11⤵
  - Suspicious use of WriteProcessMemory
  PID:2220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\014960b00621ead2d2267bad617a74e9.dll,#12⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1672