adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2022, 23:34

Target

adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3.dll
Size

32KB
MD5

bf3d1f6b47b041404a28c4a915193019
SHA1

f66bfd57246acb930eed060cb3830b76bde123d3
SHA256

adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3
SHA512

ffbc2559797ca9479371f1d7cafe6250548d2947610adf6b4a46a6c2199411985e10ec9571d85fb1f90714617cf2ab39f6430cbd21683ee72b782df8178f45eb
SSDEEP

768:upCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZ:ugmv6qZ4QxpP0AtH0J6O

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4316	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 4316	4252	rundll32.exe	81
PID 4252 wrote to memory of 4316	4252	rundll32.exe	81
PID 4252 wrote to memory of 4316	4252	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\adac7203fb8f7429094a425d3ed643ec964cb2ec1161f276b4b864cd43f59ea3.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4316