a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7

Analysis

max time kernel
140s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:19

Target

a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7.dll
Size

680KB
MD5

52b1afc34157497a7c5d9106166e9160
SHA1

effbfe7baad847b78caca1a4f80460c4e9a27beb
SHA256

a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7
SHA512

2b81cb93b39f781e2d8e4a0de4e02133fb231a9f0f9d1fa27cbb5e9c4a6b58be4785c945099fba6075048a50511a7558788776a31cfb9b11c2fb759886700368
SSDEEP

12288:X2DFtdILWpX2ihzx7/21n8PwvgqUGKrW7lVEhBTiyLlW6ASMJg/6gP2rHcJMJ6iX:X2DXdISpmi37/2hdOA9xZX

Score

1^/10

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

rundll32.exe

description	pid	process
Token: 1	1600	rundll32.exe
Token: SeCreateTokenPrivilege	1600	rundll32.exe
Token: SeAssignPrimaryTokenPrivilege	1600	rundll32.exe
Token: SeLockMemoryPrivilege	1600	rundll32.exe
Token: SeIncreaseQuotaPrivilege	1600	rundll32.exe
Token: SeMachineAccountPrivilege	1600	rundll32.exe
Token: SeTcbPrivilege	1600	rundll32.exe
Token: SeSecurityPrivilege	1600	rundll32.exe
Token: SeTakeOwnershipPrivilege	1600	rundll32.exe
Token: SeLoadDriverPrivilege	1600	rundll32.exe
Token: SeSystemProfilePrivilege	1600	rundll32.exe
Token: SeSystemtimePrivilege	1600	rundll32.exe
Token: SeProfSingleProcessPrivilege	1600	rundll32.exe
Token: SeIncBasePriorityPrivilege	1600	rundll32.exe
Token: SeCreatePagefilePrivilege	1600	rundll32.exe
Token: SeCreatePermanentPrivilege	1600	rundll32.exe
Token: SeBackupPrivilege	1600	rundll32.exe
Token: SeRestorePrivilege	1600	rundll32.exe
Token: SeShutdownPrivilege	1600	rundll32.exe
Token: SeDebugPrivilege	1600	rundll32.exe
Token: SeAuditPrivilege	1600	rundll32.exe
Token: SeSystemEnvironmentPrivilege	1600	rundll32.exe
Token: SeChangeNotifyPrivilege	1600	rundll32.exe
Token: SeRemoteShutdownPrivilege	1600	rundll32.exe
Token: SeUndockPrivilege	1600	rundll32.exe
Token: SeSyncAgentPrivilege	1600	rundll32.exe
Token: SeEnableDelegationPrivilege	1600	rundll32.exe
Token: SeManageVolumePrivilege	1600	rundll32.exe
Token: SeImpersonatePrivilege	1600	rundll32.exe
Token: SeCreateGlobalPrivilege	1600	rundll32.exe
Token: 31	1600	rundll32.exe
Token: 32	1600	rundll32.exe
Token: 33	1600	rundll32.exe
Token: 34	1600	rundll32.exe
Token: 35	1600	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

1600 rundll32.exe

pid	process
1600	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4568 wrote to memory of 1600	4568	rundll32.exe	rundll32.exe
PID 4568 wrote to memory of 1600	4568	rundll32.exe	rundll32.exe
PID 4568 wrote to memory of 1600	4568	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a76c24417760d6caaeed0c4877c5b4bd9d102a799ac7ed2b54776d0dac4828a7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4568

memory/1600-132-0x0000000000000000-mapping.dmp

Download
memory/1600-133-0x0000000010000000-0x00000000100BE000-memory.dmp

Filesize
760KB

Download