b6d6132bfcb60c48ffe593d6ffee2a68265ac9c82aecf5726e00f9a90f94b901

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2022, 23:34

Target

b6d6132bfcb60c48ffe593d6ffee2a68265ac9c82aecf5726e00f9a90f94b901.dll
Size

32KB
MD5

ca27caa2ea682ce3c8532a0aac833e21
SHA1

97b1a12f21f9ed1a1dfaf54ad975b75fbb93d99b
SHA256

b6d6132bfcb60c48ffe593d6ffee2a68265ac9c82aecf5726e00f9a90f94b901
SHA512

e21688e609c1cc214d3dd55a489f0fe093727059935d031144781fd26f79b1969c38fc293484dcd950a41cefcc7667bd882bc200f73f08c48c18c7115b86b41e
SSDEEP

768:QpCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZ:Qgmv6qZ4QxpP0AtH0J6O

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3884	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1224 wrote to memory of 3884	1224	rundll32.exe	79
PID 1224 wrote to memory of 3884	1224	rundll32.exe	79
PID 1224 wrote to memory of 3884	1224	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6d6132bfcb60c48ffe593d6ffee2a68265ac9c82aecf5726e00f9a90f94b901.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b6d6132bfcb60c48ffe593d6ffee2a68265ac9c82aecf5726e00f9a90f94b901.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3884