e41c1f0e4de4620c25863b27ad24b4c0d3170df8d7eb55b984e722f21326d0d3

Analysis

max time kernel
131s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2022, 09:45

Target

e41c1f0e4de4620c25863b27ad24b4c0d3170df8d7eb55b984e722f21326d0d3.dll
Size

33KB
MD5

757aa7ef07d852f1d5d7fa0ae5be61ed
SHA1

80e3d627d3af61acdb4fdb631ad16d83b2d7e0dc
SHA256

e41c1f0e4de4620c25863b27ad24b4c0d3170df8d7eb55b984e722f21326d0d3
SHA512

0459513cc4682b9fc84c460b69709687ff6301ff39020a78e37ac03854658239f39df0a6ec20c06ec1290310d2128dd8b4c08f05b82c8c06854da08ac5b43307
SSDEEP

768:l+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:l+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2340	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 2340	3132	rundll32.exe	84
PID 3132 wrote to memory of 2340	3132	rundll32.exe	84
PID 3132 wrote to memory of 2340	3132	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e41c1f0e4de4620c25863b27ad24b4c0d3170df8d7eb55b984e722f21326d0d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e41c1f0e4de4620c25863b27ad24b4c0d3170df8d7eb55b984e722f21326d0d3.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2340