009340eca415a086420669555ed527513d18f80c6224148d38c78649b9fd1c32

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 03:52

Target

009340eca415a086420669555ed527513d18f80c6224148d38c78649b9fd1c32.dll
Size

397KB
MD5

7dd9638cf1a7f36eb1a324f14bd2a9a0
SHA1

c67f97e0f80d6c2ea00b27b46d4c04274cbf8511
SHA256

009340eca415a086420669555ed527513d18f80c6224148d38c78649b9fd1c32
SHA512

c9b1dc1b53ebfdcda732f9813c41dec22179129c2e06376f08355ed1deb802a9d77f960ee04efa4f7cc0e261a563e2fccfcb2e06b2dd01ab9df0890e30d2e6fe
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOax:174g2LDeiPDImOkx2LIax

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	864	rundll32.exe
Token: SeTcbPrivilege	864	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 864	1028	rundll32.exe	28
PID 1028 wrote to memory of 864	1028	rundll32.exe	28
PID 1028 wrote to memory of 864	1028	rundll32.exe	28
PID 1028 wrote to memory of 864	1028	rundll32.exe	28
PID 1028 wrote to memory of 864	1028	rundll32.exe	28
PID 1028 wrote to memory of 864	1028	rundll32.exe	28
PID 1028 wrote to memory of 864	1028	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\009340eca415a086420669555ed527513d18f80c6224148d38c78649b9fd1c32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\009340eca415a086420669555ed527513d18f80c6224148d38c78649b9fd1c32.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:864