eca5626dbc59aa5e78ff6bc6b1c3cf4dba0d45d1426545092660dcfc9bab9371

Analysis

max time kernel
131s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 05:45

Target

eca5626dbc59aa5e78ff6bc6b1c3cf4dba0d45d1426545092660dcfc9bab9371.dll
Size

33KB
MD5

e1553dac0440e3efaa92b6ae06ebbdb0
SHA1

85f3c461a68a65f2e3f89e1937c1125a016b5fb7
SHA256

eca5626dbc59aa5e78ff6bc6b1c3cf4dba0d45d1426545092660dcfc9bab9371
SHA512

85c255611c9425a3ab50086dba1805ac699d51a11ef0e5feecb6ea01a4cfc906f20cdd59b3df058c404c5509219616a377567527d77b2176dd8f36037508908f
SSDEEP

768:H+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEof:H+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3108	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3108	4372	rundll32.exe	69
PID 4372 wrote to memory of 3108	4372	rundll32.exe	69
PID 4372 wrote to memory of 3108	4372	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eca5626dbc59aa5e78ff6bc6b1c3cf4dba0d45d1426545092660dcfc9bab9371.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eca5626dbc59aa5e78ff6bc6b1c3cf4dba0d45d1426545092660dcfc9bab9371.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3108

memory/3108-133-0x00000000005F0000-0x00000000005FE000-memory.dmp

Filesize
56KB

Download