90ea761777b3060c728afda59b86cd069f7afb81797789f3478ca6190cf75f8c

Analysis

max time kernel
201s
max time network
227s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 12:33

Target

90ea761777b3060c728afda59b86cd069f7afb81797789f3478ca6190cf75f8c.dll
Size

308KB
MD5

08cb3f3e0884e840c2effacf05db4277
SHA1

8710f6964e3740271cb91df29d61a2c7f3628ea2
SHA256

90ea761777b3060c728afda59b86cd069f7afb81797789f3478ca6190cf75f8c
SHA512

03a18e670853fc9eb73a7b850ed021aa0d441e77a83b241a9129ca38b9a38ef7ef57c880038cbdc31c7862a5bb5fd3ecc5b1a4b9972d83dd7d8057f33dd10189
SSDEEP

6144:nuVbBrce0ucRcrKVkWDDP66MG8VivKYbA3yQAHNmIckTk2ajpOTBcuLIA6c:EBeucRc8kkDyvV2oNAt1ckTk5jpOTquV

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2436	112	WerFault.exe	82

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	112	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 100 wrote to memory of 112	100	rundll32.exe	82
PID 100 wrote to memory of 112	100	rundll32.exe	82
PID 100 wrote to memory of 112	100	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90ea761777b3060c728afda59b86cd069f7afb81797789f3478ca6190cf75f8c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90ea761777b3060c728afda59b86cd069f7afb81797789f3478ca6190cf75f8c.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 680
    3⤵
    - Program crash
    PID:2436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 112 -ip 112
1⤵
PID:4284