0d9a7b4c9b0901d66e34594e4410753d151cd72a384401a711e94b7288ed0867

Analysis

max time kernel
154s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 10:54

Target

0d9a7b4c9b0901d66e34594e4410753d151cd72a384401a711e94b7288ed0867.dll
Size

740KB
MD5

7de29c87f6a9af360cf2ff57ee76e1be
SHA1

89aa18b03171330f880e3630484ef38325652b2a
SHA256

0d9a7b4c9b0901d66e34594e4410753d151cd72a384401a711e94b7288ed0867
SHA512

048dea7ea0c3a22fa693bfbd7692d574e208307f87be49747a2749422d1aa3b6292aca7055a7a1bded420c4e10ad116a7291d411d22c3a11ea4954249972defb
SSDEEP

12288:oizeM2EUEUZ3jY19ZRsoAm8itozrIHMlu4FLpOjWtGNgDUiWqWNKDrt2j:oiqM2CTZKHtitP4FVOjWcCDUiWBwrkj

Score

1^/10

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	32	rundll32.exe

Suspicious use of SetWindowsHookEx 61 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 32	2280	rundll32.exe	82
PID 2280 wrote to memory of 32	2280	rundll32.exe	82
PID 2280 wrote to memory of 32	2280	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d9a7b4c9b0901d66e34594e4410753d151cd72a384401a711e94b7288ed0867.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2280
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d9a7b4c9b0901d66e34594e4410753d151cd72a384401a711e94b7288ed0867.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:32

memory/32-133-0x0000000010000000-0x000000001027F000-memory.dmp

Filesize
2.5MB

Download
memory/32-138-0x0000000010000000-0x000000001027F000-memory.dmp

Filesize
2.5MB

Download
memory/32-139-0x0000000010000000-0x000000001027F000-memory.dmp

Filesize
2.5MB

Download