Windows
Analysis Report
file.dll
Overview
General Information
Sample name: | file.dll (renamed file extension from exe to dll) |
Original sample name: | file.exe |
Analysis ID: | 1524400 |
MD5: | 3d9f992c8f1aa9f789c806e1510a2ccf |
SHA1: | 960cc1ac85b1ec28101d4225497775d5f6603a7f |
SHA256: | 55a8f234a1181e93001290fea68c382421287a7e6b31ff8e33b74213d83e5060 |
Tags: | dllexesignedx64user-jstrosch |
Infos: | |
Detection
Score: | 2 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 80% |
Signatures
Classification
- System is w10x64
- loaddll64.exe (PID: 6524 cmdline:
loaddll64. exe "C:\Us ers\user\D esktop\fil e.dll" MD5: 763455F9DCB24DFEECC2B9D9F8D46D52) - conhost.exe (PID: 5416 cmdline:
C:\Windows \system32\ conhost.ex e 0xffffff ff -ForceV 1 MD5: 0D698AF330FD17BEE3BF90011D49251D) - cmd.exe (PID: 6920 cmdline:
cmd.exe /C rundll32. exe "C:\Us ers\user\D esktop\fil e.dll",#1 MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE) - rundll32.exe (PID: 2460 cmdline:
rundll32.e xe "C:\Use rs\user\De sktop\file .dll",#1 MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 6452 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,JNI_On Load MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 6328 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,Java_c om_sun_ima geio_plugi ns_jpeg_JP EGImageRea der_abortR ead MD5: EF3179D498793BF4234F708D3BE28633) - rundll32.exe (PID: 7368 cmdline:
rundll32.e xe C:\User s\user\Des ktop\file. dll,Java_c om_sun_ima geio_plugi ns_jpeg_JP EGImageRea der_dispos eReader MD5: EF3179D498793BF4234F708D3BE28633)
- cleanup
Click to jump to signature section
There are no malicious signatures, click here to show all signatures.
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: | ||
Source: | String found in binary or memory: |
Source: | Binary or memory string: |
Source: | Classification label: |
Source: | Mutant created: |
Source: | Static PE information: |
Source: | Key opened: | Jump to behavior |
Source: | Process created: |
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | |||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior | ||
Source: | Process created: | Jump to behavior |
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior | ||
Source: | Section loaded: | Jump to behavior |
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: | ||
Source: | Automated click: |
Source: | Window detected: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Static PE information: |
Source: | Binary string: | ||
Source: | Binary string: |
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: | ||
Source: | Static PE information: |
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior | ||
Source: | Process information set: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Last function: |
Source: | Process queried: | Jump to behavior |
Source: | Thread injection, dropped files, key value created, disk infection and DNS query: |
Source: | Process created: | Jump to behavior |
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 11 Process Injection | 1 Virtualization/Sandbox Evasion | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Data Obfuscation | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Rundll32 | LSASS Memory | 1 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service |
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Process Injection | Security Account Manager | 1 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Source | Detection | Scanner | Label | Link |
---|---|---|---|---|
0% | ReversingLabs |
Joe Sandbox version: | 41.0.0 Charoite |
Analysis ID: | 1524400 |
Start date and time: | 2024-10-02 18:47:37 +02:00 |
Joe Sandbox product: | CloudBasic |
Overall analysis duration: | 0h 3m 52s |
Hypervisor based Inspection enabled: | false |
Report type: | full |
Cookbook file name: | default.jbs |
Analysis system description: | Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01 |
Number of analysed new started processes analysed: | 20 |
Number of new started drivers analysed: | 0 |
Number of existing processes analysed: | 0 |
Number of existing drivers analysed: | 0 |
Number of injected processes analysed: | 0 |
Technologies: |
|
Analysis Mode: | default |
Analysis stop reason: | Timeout |
Sample name: | file.dll (renamed file extension from exe to dll) |
Original Sample Name: | file.exe |
Detection: | CLEAN |
Classification: | clean2.winDLL@12/0@0/0 |
EGA Information: | Failed |
HCA Information: |
|
- Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
- Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
- Not all processes where analyzed, report is missing behavior information
- VT rate limit hit for: file.dll
File type: | |
Entropy (8bit): | 6.498819915028123 |
TrID: |
|
File name: | file.dll |
File size: | 200'864 bytes |
MD5: | 3d9f992c8f1aa9f789c806e1510a2ccf |
SHA1: | 960cc1ac85b1ec28101d4225497775d5f6603a7f |
SHA256: | 55a8f234a1181e93001290fea68c382421287a7e6b31ff8e33b74213d83e5060 |
SHA512: | db62832d52c4ce1179a96c6bbceacd87dcd716fc775de169940335a3378e3a683157d04f431cb394f761a91154a00be4fcc888e2d90aabf9fd850a7182f847fe |
SSDEEP: | 6144:hy0tQkTF0j3YCcqbmnazMGg41pamlQPGWb:rzTKjIuLgMKb |
TLSH: | 6E146B5273B01098E5ABC0BC966ADA17EAB270150714A7EB47A4C3B72F13EE13D3B754 |
File Content Preview: | MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........6D..eD..eD..eM.=eL..e...dF..e...dF..e.=ieE..e...dH..e...dL..e...dF..e...dG..eD..ev..e...du..e...dE..e..QeE..e...dE..eRichD.. |
Icon Hash: | 7ae282899bbab082 |
Entrypoint: | 0x18002553c |
Entrypoint Section: | .text |
Digitally signed: | true |
Imagebase: | 0x180000000 |
Subsystem: | windows gui |
Image File Characteristics: | EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL |
DLL Characteristics: | HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT |
Time Stamp: | 0x63BBD4C4 [Mon Jan 9 08:48:04 2023 UTC] |
TLS Callbacks: | |
CLR (.Net) Version: | |
OS Version Major: | 6 |
OS Version Minor: | 0 |
File Version Major: | 6 |
File Version Minor: | 0 |
Subsystem Version Major: | 6 |
Subsystem Version Minor: | 0 |
Import Hash: | 9aefa8396980f6588f945972d6f0f774 |
Signature Valid: | true |
Signature Issuer: | CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1, O="DigiCert, Inc.", C=US |
Signature Validation Error: | The operation completed successfully |
Error Number: | 0 |
Not Before, Not After |
|
Subject Chain |
|
Version: | 3 |
Thumbprint MD5: | 2876C1BECB51837D0E3DE50903D025B6 |
Thumbprint SHA-1: | 940D69C0A34A1B4CFD8048488BA86F4CED60481A |
Thumbprint SHA-256: | EE46613A38B4F486164BCE7FB23178667715617F511B364594311A1548B08EB1 |
Serial: | 068BE2F53452C882F18ED41A5DD4E7A3 |
Instruction |
---|
dec eax |
mov dword ptr [esp+08h], ebx |
dec eax |
mov dword ptr [esp+10h], esi |
push edi |
dec eax |
sub esp, 20h |
dec ecx |
mov edi, eax |
mov ebx, edx |
dec eax |
mov esi, ecx |
cmp edx, 01h |
jne 00007F4454874D27h |
call 00007F4454874D44h |
dec esp |
mov eax, edi |
mov edx, ebx |
dec eax |
mov ecx, esi |
dec eax |
mov ebx, dword ptr [esp+30h] |
dec eax |
mov esi, dword ptr [esp+38h] |
dec eax |
add esp, 20h |
pop edi |
jmp 00007F4454874BB4h |
int3 |
int3 |
int3 |
dec eax |
mov dword ptr [esp+20h], ebx |
push ebp |
dec eax |
mov ebp, esp |
dec eax |
sub esp, 20h |
dec eax |
mov eax, dword ptr [00007B78h] |
dec eax |
mov ebx, 2DDFA232h |
cdq |
sub eax, dword ptr [eax] |
add byte ptr [eax+3Bh], cl |
ret |
jne 00007F4454874D96h |
dec eax |
and dword ptr [ebp+18h], 00000000h |
dec eax |
lea ecx, dword ptr [ebp+18h] |
call dword ptr [00000A6Ah] |
dec eax |
mov eax, dword ptr [ebp+18h] |
dec eax |
mov dword ptr [ebp+10h], eax |
call dword ptr [00000A64h] |
mov eax, eax |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [00000A60h] |
mov eax, eax |
dec eax |
lea ecx, dword ptr [ebp+20h] |
dec eax |
xor dword ptr [ebp+10h], eax |
call dword ptr [00000A58h] |
mov eax, dword ptr [ebp+20h] |
dec eax |
lea ecx, dword ptr [ebp+10h] |
dec eax |
shl eax, 20h |
dec eax |
xor eax, dword ptr [ebp+20h] |
dec eax |
xor eax, dword ptr [ebp+10h] |
dec eax |
xor eax, ecx |
dec eax |
mov ecx, FFFFFFFFh |
Programming Language: |
|
Name | Virtual Address | Virtual Size | Is in Section |
---|---|---|---|
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x2bf90 | 0x6f8 | .rdata |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x2c688 | 0xa0 | .rdata |
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x30000 | 0x398 | .rsrc |
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x2e000 | 0x1e60 | .pdata |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x2e800 | 0x28a0 | |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x31000 | 0x120 | .reloc |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x292c0 | 0x54 | .rdata |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x29320 | 0x100 | .rdata |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_IAT | 0x26000 | 0x198 | .rdata |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
---|---|---|---|---|---|---|---|---|---|
.text | 0x1000 | 0x24cf3 | 0x24e00 | 90b26a84b53ef2158f198e7e296cd65a | False | 0.516359904661017 | zlib compressed data | 6.320029236131401 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
.rdata | 0x26000 | 0x6cfc | 0x6e00 | fb0465ed495d8340a5f19f4c3f0779fd | False | 0.42464488636363634 | COM executable for DOS | 5.751839443457755 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.data | 0x2d000 | 0x870 | 0x200 | 44db2aeca9727bf7b54199d3bcb62d10 | False | 0.310546875 | data | 1.7037933149541986 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
.pdata | 0x2e000 | 0x1e60 | 0x2000 | 1755e6c0c1f10bc9f66fdcfc08aeae8c | False | 0.454345703125 | data | 5.192282278377005 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.rsrc | 0x30000 | 0x398 | 0x400 | 236b26fce7d1bad0bf4e5fa50a452c68 | False | 0.4033203125 | data | 3.0298096834492867 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
.reloc | 0x31000 | 0x120 | 0x200 | f8b25fc19d1f595b7898fbb9facbf9da | False | 0.44140625 | data | 3.402778242007507 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |
Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
---|---|---|---|---|---|---|
RT_VERSION | 0x30060 | 0x334 | data | 0.46463414634146344 |
DLL | Import |
---|---|
java.dll | JNU_ThrowNullPointerException, JNU_CallStaticMethodByName, jio_snprintf, JNU_GetEnv, JNU_CallMethodByName, JNU_NewObjectByName, JNU_ThrowByName |
KERNEL32.dll | IsDebuggerPresent, InitializeSListHead, DisableThreadLibraryCalls, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent |
VCRUNTIME140.dll | memmove, longjmp, __C_specific_handler, memset, __std_type_info_destroy_list, __intrinsic_setjmp, memcpy |
api-ms-win-crt-heap-l1-1-0.dll | calloc, malloc, free |
api-ms-win-crt-stdio-l1-1-0.dll | __stdio_common_vfprintf, __acrt_iob_func, __stdio_common_vsscanf |
api-ms-win-crt-environment-l1-1-0.dll | getenv |
api-ms-win-crt-runtime-l1-1-0.dll | _execute_onexit_table, _cexit, _initialize_onexit_table, _seh_filter_dll, _initialize_narrow_environment, _initterm, _initterm_e, _configure_narrow_argv |
Name | Ordinal | Address |
---|---|---|
JNI_OnLoad | 1 | 0x18001d560 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_abortRead | 2 | 0x1800010a0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_disposeReader | 3 | 0x1800010c0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_initJPEGImageReader | 4 | 0x180001120 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_initReaderIDs | 5 | 0x180001330 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImage | 6 | 0x180001590 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_readImageHeader | 7 | 0x180001e40 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_resetLibraryState | 8 | 0x180002170 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_resetReader | 9 | 0x180002190 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_setOutColorSpace | 10 | 0x180002240 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageReader_setSource | 11 | 0x180002260 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_abortWrite | 12 | 0x1800022b0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_disposeWriter | 13 | 0x1800010c0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_initJPEGImageWriter | 14 | 0x1800022d0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_initWriterIDs | 15 | 0x1800024a0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_resetWriter | 16 | 0x180002630 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_setDest | 17 | 0x180002680 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_writeImage | 18 | 0x1800026d0 |
Java_com_sun_imageio_plugins_jpeg_JPEGImageWriter_writeTables | 19 | 0x180003210 |
Java_sun_awt_image_JPEGImageDecoder_initIDs | 20 | 0x18001d570 |
Java_sun_awt_image_JPEGImageDecoder_readImage | 21 | 0x18001d660 |
Java_sun_awt_image_codec_JPEGImageDecoderImpl_initDecoder | 22 | 0x18001e2a0 |
Java_sun_awt_image_codec_JPEGImageDecoderImpl_readJPEGStream | 23 | 0x18001e4c0 |
Java_sun_awt_image_codec_JPEGImageEncoderImpl_initEncoder | 24 | 0x18001f720 |
Java_sun_awt_image_codec_JPEGImageEncoderImpl_writeJPEGStream | 25 | 0x18001f7d0 |
Click to jump to process
Click to jump to process
Click to jump to process
Target ID: | 0 |
Start time: | 12:48:30 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\loaddll64.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff72d6b0000 |
File size: | 165'888 bytes |
MD5 hash: | 763455F9DCB24DFEECC2B9D9F8D46D52 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 1 |
Start time: | 12:48:30 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\conhost.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff75da10000 |
File size: | 862'208 bytes |
MD5 hash: | 0D698AF330FD17BEE3BF90011D49251D |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 2 |
Start time: | 12:48:30 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\cmd.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff668890000 |
File size: | 289'792 bytes |
MD5 hash: | 8A2122E8162DBEF04694B9C3E0B6CDEE |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 3 |
Start time: | 12:48:30 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d8240000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 4 |
Start time: | 12:48:30 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d8240000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 9 |
Start time: | 12:48:33 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d8240000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |
Target ID: | 13 |
Start time: | 12:48:36 |
Start date: | 02/10/2024 |
Path: | C:\Windows\System32\rundll32.exe |
Wow64 process (32bit): | false |
Commandline: | |
Imagebase: | 0x7ff7d8240000 |
File size: | 71'680 bytes |
MD5 hash: | EF3179D498793BF4234F708D3BE28633 |
Has elevated privileges: | true |
Has administrator privileges: | true |
Programmed in: | C, C++ or other language |
Reputation: | high |
Has exited: | true |