ceba67d621af705a67bcf1e1fdfeb0e34bcc8ca582d42da884062b86e4c86bc0

Analysis

max time kernel
70s
max time network
76s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 01:04

Target

3dmigoto/d3dcompiler_46.dll
Size

3.7MB
MD5

65f98232112e4da7f561c500bf3f3b93
SHA1

9ced490f112005df9576d16ee06d8004db44afbe
SHA256

7a9bae7907abd79d15d9d4114674d3fc01f0438d76bc5afdf827bbfa7fc3b020
SHA512

cb6fd44a160ebe31504ef5d240c81db7c4b9fcca710cec24fa04c4562ed64d2b11801cf1ab8f10ba62409c90f7bd46433fb35912660894426ebc89e65f252874
SSDEEP

49152:MLz3aHgfo/CoXC3SO06vwD/Sv/i9xq2nh2I+ZLm2n0vgF0S2yp1Tn1:EYXicQiW2pmm02yp1T1

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1988	AUDIODG.EXE
Token: 33	1988	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1988	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1052	2508	rundll32.exe	29
PID 2508 wrote to memory of 1052	2508	rundll32.exe	29
PID 2508 wrote to memory of 1052	2508	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3dmigoto\d3dcompiler_46.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2508 -s 92
  2⤵
  PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1988