2307c2ae701476a996373da1c4a9781d46b919de06e68ccb30035cfde76ebed9

Analysis

max time kernel
154s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:10

Target

2307c2ae701476a996373da1c4a9781d46b919de06e68ccb30035cfde76ebed9.dll
Size

33KB
MD5

bb1356707e39e9aa29fa5586fb83b128
SHA1

51eca0e4efcd35ef96f1b6c71ac2e26eb4409710
SHA256

2307c2ae701476a996373da1c4a9781d46b919de06e68ccb30035cfde76ebed9
SHA512

6ea76ede51f397f152b538a564e1189f8f3d8c7f9ae32bbf094a580d427783cfb6e733f007a225b265e44cd49d99895a70b6c3d5e70bdd1b7bf61b796b42b4fe
SSDEEP

768:w+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:w+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1604	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 1604	4396	rundll32.exe	83
PID 4396 wrote to memory of 1604	4396	rundll32.exe	83
PID 4396 wrote to memory of 1604	4396	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2307c2ae701476a996373da1c4a9781d46b919de06e68ccb30035cfde76ebed9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2307c2ae701476a996373da1c4a9781d46b919de06e68ccb30035cfde76ebed9.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1604

memory/1604-133-0x0000000000720000-0x000000000072E000-memory.dmp

Filesize
56KB

Download