Summary | ZeroBOX

Category	Machine	Started	Completed
FILE	s1_win7_x6403_us	Jan. 8, 2025, 1:41 p.m.	Jan. 8, 2025, 1:50 p.m.

Size	341.5KB
Type	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
MD5	`109ff3fb0cefd81e8073175171cb3b4b`
SHA256	`7498a07f903486473cce83fbf16b88009765af98326e1ebef4c48f103b874f65`
CRC32	`BAFF5D00`
ssdeep	`6144:PIbAH0XjiXhSn08+uQg934kr3wcjOgLTxFN:P1H0XjiXhSn08UeUgL`
Yara	Malicious_Library_Zero - Malicious_Library PE_Header_Zero - PE File Signature IsDLL - (no description) IsPE64 - (no description) Generic_Malware_Zero - Generic Malware UPX_Zero - UPX packed file OS_Processor_Check_Zero - OS Processor Check

rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AcquireCredentialsHandleA
1096
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AcquireCredentialsHandleA
  2504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AcceptSecurityContext
2004
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AcceptSecurityContext
  2356
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AcquireCredentialsHandleW
2108
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AcquireCredentialsHandleW
  2404
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddCredentialsA
2196
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddCredentialsA
  2552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddCredentialsW
2292
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddCredentialsW
  2652
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddSecurityPackageA
2436
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddSecurityPackageA
  2748
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddSecurityPackageW
2640
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,AddSecurityPackageW
  2912
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ApplyControlToken
2852
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ApplyControlToken
  3000
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ChangeAccountPasswordA
524
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ChangeAccountPasswordA
  2288
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ChangeAccountPasswordW
2324
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ChangeAccountPasswordW
  2476
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,CompleteAuthToken
2576
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,CompleteAuthToken
  2792
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,CredMarshalTargetInfo
1940
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,CredMarshalTargetInfo
  2712
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,CredUnmarshalTargetInfo
2084
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,CredUnmarshalTargetInfo
  2472
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DecryptMessage
3048
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DecryptMessage
  2136
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DeleteSecurityContext
2884
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DeleteSecurityContext
  2392
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DeleteSecurityPackageA
2212
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DeleteSecurityPackageA
  2776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DeleteSecurityPackageW
2600
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,DeleteSecurityPackageW
  2864
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,EncryptMessage
2168
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,EncryptMessage
  3240
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,EnumerateSecurityPackagesA
3152
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,EnumerateSecurityPackagesA
  3316
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,EnumerateSecurityPackagesW
3308
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,EnumerateSecurityPackagesW
  3448
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ExportSecurityContext
3492
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ExportSecurityContext
  3624
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,FreeContextBuffer
3612
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,FreeContextBuffer
  3820
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,FreeCredentialsHandle
3800
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,FreeCredentialsHandle
  4012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,GetSecurityUserInfo
4000
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,GetSecurityUserInfo
  3348
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,GetUserNameExA
3148
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,GetUserNameExA
  948
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,GetUserNameExW
3332
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,GetUserNameExW
  3660
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ImpersonateSecurityContext
3572
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ImpersonateSecurityContext
  3904
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ImportSecurityContextA
3840
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ImportSecurityContextA
  3892
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ImportSecurityContextW
3172
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,ImportSecurityContextW
  3724
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitSecurityInterfaceA
3424
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitSecurityInterfaceA
  3372
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitSecurityInterfaceW
3220
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitSecurityInterfaceW
  3216
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitializeSecurityContextA
3024
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitializeSecurityContextA
  4136
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitializeSecurityContextW
3872
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,InitializeSecurityContextW
  4200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LogonUserExExW
4048
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LogonUserExExW
  4284
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaCallAuthenticationPackage
4272
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaCallAuthenticationPackage
  4408
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaConnectUntrusted
4492
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaConnectUntrusted
  4744
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaDeregisterLogonProcess
4592
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaDeregisterLogonProcess
  4796
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaEnumerateLogonSessions
4732
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaEnumerateLogonSessions
  4988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaFreeReturnBuffer
4920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaFreeReturnBuffer
  4112
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaGetLogonSessionData
5084
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaGetLogonSessionData
  3636
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaLogonUser
4300
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaLogonUser
  4456
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaLookupAuthenticationPackage
4344
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaLookupAuthenticationPackage
  4876
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaRegisterLogonProcess
4792
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaRegisterLogonProcess
  3208
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaRegisterPolicyChangeNotification
5048
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaRegisterPolicyChangeNotification
  4504
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaUnregisterPolicyChangeNotification
4232
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaUnregisterPolicyChangeNotification
  4772
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,MakeSignature
4660
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,MakeSignature
  4320
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesA
5000
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesA
  1044
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesExW
4956
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesExW
  4608
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesExA
4468
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesExA
  4964
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesW
4560
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesW
  1228
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesA
4700
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesA
  5160
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesExA
5136
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesExA
  5224
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesExW
5344
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesExW
  5536
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesW
5448
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesW
  5628
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QuerySecurityContextToken
5608
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QuerySecurityContextToken
  5832
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QuerySecurityPackageInfoA
5780
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QuerySecurityPackageInfoA
  5988
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QuerySecurityPackageInfoW
5920
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QuerySecurityPackageInfoW
  5200
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,RevertSecurityContext
6072
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,RevertSecurityContext
  5324
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslAcceptSecurityContext
4176
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslAcceptSecurityContext
  5432
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslEnumerateProfilesA
5376
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslEnumerateProfilesA
  5816
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslEnumerateProfilesW
5668
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslEnumerateProfilesW
  6012
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslGetContextOption
5848
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslGetContextOption
  6096
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslGetProfilePackageA
5128
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslGetProfilePackageA
  5472
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslGetProfilePackageW
5368
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslGetProfilePackageW
  5980
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslIdentifyPackageA
5696
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslIdentifyPackageA
  5568
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslIdentifyPackageW
6120
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslIdentifyPackageW
  5776
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslInitializeSecurityContextA
5676
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslInitializeSecurityContextA
  5640
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslInitializeSecurityContextW
5240
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslInitializeSecurityContextW
  5552
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslSetContextOption
2124
- rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SaslSetContextOption
  5380
rundll32.exe "C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,SealMessage
6368

Name	Response	Post-Analysis Lookup
No hosts contacted.

IP Address	Status	Action
No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Checks if process is being debugged by a debugger (1 event)

Time & API	Arguments	Status	Return	Repeated
IsDebuggerPresent Jan. 8, 2025, 1:34 p.m.			0	0

Uses Windows utilities for basic Windows functionality (8 events)

cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesExA
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesExW
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesW
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesA
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesA
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesExA
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryCredentialsAttributesExW
cmdline	"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,QueryContextAttributesW

Uses Sysinternals tools in order to add additional command line functionality (1 event)

cmdline

"C:\Windows\System32\rundll32.exe" C:\Users\test22\AppData\Local\Temp\sspicli.dll,LsaEnumerateLogonSessions

sspicli.dll

Process Tree Toggle all

Network Toggle all

Suricata Toggle all

Suricata Alerts

Suricata TLS

Signatures Toggle All