8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
24-05-2024 00:18

Target

8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll
Size

95KB
MD5

38098115b28513e9953ac978b324aeea
SHA1

73271e4c7e37fbb2493ed03f6269ca9dddda8070
SHA256

8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8
SHA512

20d56dc6bad1a8899efbc7293c4cc825fae1d40ce0734a8af3971418729b17c0e0cdb4af7fee10ea5efcf648a5268b5d3d3212c61ed18a31c11d5e0d8563b4a8
SSDEEP

1536:NkGwueOJxhi6loej9cX8VAU0EgB2AW6dY5pZn4nDx2W6:umivAq7186a4nDxI

Score

7^/10

Drops startup file 1 IoCs

Processes:

rundll32.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\uxcdafti.exe	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

rundll32.exe

description pid process

Token: SeSecurityPrivilege 1636 rundll32.exe
Token: SeDebugPrivilege 1636 rundll32.exe

description	pid	process
Token: SeSecurityPrivilege	1636	rundll32.exe
Token: SeDebugPrivilege	1636	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe
PID 2768 wrote to memory of 1636	2768	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8bd6000c423457e34614b28103827b2ea3b1e2cacc4ff07d4936090f078200f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2768