55c66369dfad8e2ea4b7d6b19c9c928ac0ddaee536bbd6726eab172355751535

Analysis

max time kernel
90s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 05:31

Target

55c66369dfad8e2ea4b7d6b19c9c928ac0ddaee536bbd6726eab172355751535.dll
Size

136KB
MD5

dccd256d4b003042b6fc2c6b1b25b210
SHA1

45c201a0a39c62030e996fb303b3497d1c6b9af3
SHA256

55c66369dfad8e2ea4b7d6b19c9c928ac0ddaee536bbd6726eab172355751535
SHA512

d2c7cad4613085a8c188babe5446a766c3527e9c12bab9302f4cbbfab320af4d0da1f04c0ad5f1aefc783f50ae54189798ad7334b21070d58d44b4ab16494ba0
SSDEEP

3072:uoIE0QBOqv5bObgdDa0j6JBIufHNQIBgk9NmoKhiGhHxcD2c:gkBOqh+gdDa3GuvPjtKGh

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1388	rundll32.exe
Token: SeCreateGlobalPrivilege	1388	rundll32.exe
Token: SeDebugPrivilege	1388	rundll32.exe
Token: SeCreateGlobalPrivilege	1388	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 1388	4640	rundll32.exe	80
PID 4640 wrote to memory of 1388	4640	rundll32.exe	80
PID 4640 wrote to memory of 1388	4640	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55c66369dfad8e2ea4b7d6b19c9c928ac0ddaee536bbd6726eab172355751535.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55c66369dfad8e2ea4b7d6b19c9c928ac0ddaee536bbd6726eab172355751535.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1388

memory/1388-133-0x0000000001030000-0x0000000001036000-memory.dmp

Filesize
24KB

Download
memory/1388-134-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1388-135-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/1388-136-0x0000000001030000-0x0000000001033000-memory.dmp

Filesize
12KB

Download
memory/1388-137-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download