10f08165733a4a9a0b18152c2d54ba70a408338efde21df66f7c10b1f46014ff

Analysis

max time kernel
152s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 13:29

Target

10f08165733a4a9a0b18152c2d54ba70a408338efde21df66f7c10b1f46014ff.dll
Size

1.0MB
MD5

44e56ad9caf4f993cda9320a8a51b560
SHA1

97521f87195d9e1dc34a40cf317a467c1adbf4dc
SHA256

10f08165733a4a9a0b18152c2d54ba70a408338efde21df66f7c10b1f46014ff
SHA512

d1f67e2e2a4d5141e02b7134c8c57e8e1da2565bfbfb88cc21b417aacb90b996fb75942c717fc32f61906b41af3a61044986b39b671fe82c81cc35592cf462d2
SSDEEP

24576:dzTmL4iQdVYyil2uhJLmE2xIWKIz4qM+X7+R4oIw8Vsh9tUlxKGaZE9:dt0lhJLaFzJ7++w8Mr+qI

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4668	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4668	4924	rundll32.exe	81
PID 4924 wrote to memory of 4668	4924	rundll32.exe	81
PID 4924 wrote to memory of 4668	4924	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10f08165733a4a9a0b18152c2d54ba70a408338efde21df66f7c10b1f46014ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\10f08165733a4a9a0b18152c2d54ba70a408338efde21df66f7c10b1f46014ff.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4668

memory/4668-133-0x0000000010000000-0x0000000010112000-memory.dmp

Filesize
1.1MB

Download
memory/4668-134-0x0000000010000000-0x0000000010112000-memory.dmp

Filesize
1.1MB

Download