41a9785f9c2d696f9f0c7a605f6f19e8bf54f7b3baac86c78b1735b4723dba3a

Analysis

max time kernel
102s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 15:01

Target

41a9785f9c2d696f9f0c7a605f6f19e8bf54f7b3baac86c78b1735b4723dba3a.dll
Size

33KB
MD5

63013a4a0e6a83cdefce9fb9ed9703f2
SHA1

43d78bbeb3430d273e71b110607242249436afd3
SHA256

41a9785f9c2d696f9f0c7a605f6f19e8bf54f7b3baac86c78b1735b4723dba3a
SHA512

949f41a9df657cb1167a440203ac7fe018e7cae11ce67f0ad6e31ef965748cf1c444ff92d704b25ca5f849055fbe17ed8bbf8ebf07adb2646f7e1508faa2b061
SSDEEP

768:7+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:7+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2136	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 2136	1748	rundll32.exe	83
PID 1748 wrote to memory of 2136	1748	rundll32.exe	83
PID 1748 wrote to memory of 2136	1748	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a9785f9c2d696f9f0c7a605f6f19e8bf54f7b3baac86c78b1735b4723dba3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\41a9785f9c2d696f9f0c7a605f6f19e8bf54f7b3baac86c78b1735b4723dba3a.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2136

memory/2136-133-0x0000000000450000-0x000000000045E000-memory.dmp

Filesize
56KB

Download