74caf7e58cce128afe0a3768f406c62172a1b38f1d2861177d66ab8f39cecc88

Analysis

max time kernel
134s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:10

Target

74caf7e58cce128afe0a3768f406c62172a1b38f1d2861177d66ab8f39cecc88.dll
Size

33KB
MD5

43e7280026393ae886143cae91e624e0
SHA1

d9845dc6a16a947bfb3dd9ebcaf74ae68b53941f
SHA256

74caf7e58cce128afe0a3768f406c62172a1b38f1d2861177d66ab8f39cecc88
SHA512

aecd9088b771a34738904be0428e50c28901dac025ea6590ecf60bd4fab3f881e96252d0dba0a68a076d5feb0b77a8007a68cb1e91ac46fc859a68633aa02adf
SSDEEP

768:c+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:c+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3040	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4088 wrote to memory of 3040	4088	rundll32.exe	78
PID 4088 wrote to memory of 3040	4088	rundll32.exe	78
PID 4088 wrote to memory of 3040	4088	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74caf7e58cce128afe0a3768f406c62172a1b38f1d2861177d66ab8f39cecc88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74caf7e58cce128afe0a3768f406c62172a1b38f1d2861177d66ab8f39cecc88.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3040