b2c16da919b8a8ac7fb00f5d37ad26b5de0bbc2ce38c7eb466f51e6281b902ff

Analysis

max time kernel
155s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 08:34

Target

b2c16da919b8a8ac7fb00f5d37ad26b5de0bbc2ce38c7eb466f51e6281b902ff.dll
Size

308KB
MD5

f5daf514f4e7d06c153a9183d3befdc3
SHA1

8fa5a2dde74000f248522223203f454fa21974d9
SHA256

b2c16da919b8a8ac7fb00f5d37ad26b5de0bbc2ce38c7eb466f51e6281b902ff
SHA512

24ee9e4d06e638de8906625123b924a607e62407bbf0d5ac8db70d8371f31ab9463cd310feb95aa56cddffff3b8b839f92f738dff3b31de156d38f66216fac99
SSDEEP

6144:mKVgEqc1+ucROIULkdqDP6FMG8zUvKjTYp501fcVnrjajppTBHuJUA/q:IE6ucRODkcDyGzIDEcVnrWjppTZuxC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4156	3324	WerFault.exe	78

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3324	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 3324	4752	rundll32.exe	78
PID 4752 wrote to memory of 3324	4752	rundll32.exe	78
PID 4752 wrote to memory of 3324	4752	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2c16da919b8a8ac7fb00f5d37ad26b5de0bbc2ce38c7eb466f51e6281b902ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2c16da919b8a8ac7fb00f5d37ad26b5de0bbc2ce38c7eb466f51e6281b902ff.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3324
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 680
    3⤵
    - Program crash
    PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3324 -ip 3324
1⤵
PID:1716