cb8a15d90741fc73ef34df4aea6cef19f1fff8baefaac9ef8d73ef22ed594764

Analysis

max time kernel
8s
max time network
3s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:10

Target

cb8a15d90741fc73ef34df4aea6cef19f1fff8baefaac9ef8d73ef22ed594764.dll
Size

32KB
MD5

3a444d345ffe2a269f43d644d2a9fb12
SHA1

3b724ff1c411a7df4fb5415e96ba46f6add1c230
SHA256

cb8a15d90741fc73ef34df4aea6cef19f1fff8baefaac9ef8d73ef22ed594764
SHA512

8a935f0ed7f78b9236d4e7bb46b262ba56796263753766a4c63775558fb74f98614c90fad216bea5a923b01415aa87b62fe6c32861fc4017ff21a1bf7bb4ae6e
SSDEEP

768:npCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZK:ngmv6qZ4QxpP0AtH0J6Oi

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2304	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2304	2228	rundll32.exe	75
PID 2228 wrote to memory of 2304	2228	rundll32.exe	75
PID 2228 wrote to memory of 2304	2228	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb8a15d90741fc73ef34df4aea6cef19f1fff8baefaac9ef8d73ef22ed594764.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb8a15d90741fc73ef34df4aea6cef19f1fff8baefaac9ef8d73ef22ed594764.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2304

memory/2304-133-0x0000000000680000-0x000000000068E000-memory.dmp

Filesize
56KB

Download