80c2906a32210c69338845b5aeac4b5a32427e09ae3f8c705497e39dd88240d7

Analysis

max time kernel
176s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 13:51

Target

80c2906a32210c69338845b5aeac4b5a32427e09ae3f8c705497e39dd88240d7.dll
Size

56KB
MD5

14ed2188fede9656b38dafa9b7e4d650
SHA1

11fa46bd4ef5015efeaf8c10148eb30de8d189f4
SHA256

80c2906a32210c69338845b5aeac4b5a32427e09ae3f8c705497e39dd88240d7
SHA512

ecaae64307a6be733a90a41b001628fe18f89912885f463ac5f9db784bd04a1af6e4fc03b6f59048608008a28fc07bdb12843c9cd8aa417cce467c1d6f3f6423
SSDEEP

768:o6H3XTYIstsIxUNNtYr8YDTQi6r5GLYCz9CRenchlirazmwht:NH3XMIstXxUuDTQi6NGFB5Mliu6u

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 4368	4952	rundll32.exe	81
PID 4952 wrote to memory of 4368	4952	rundll32.exe	81
PID 4952 wrote to memory of 4368	4952	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\80c2906a32210c69338845b5aeac4b5a32427e09ae3f8c705497e39dd88240d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\80c2906a32210c69338845b5aeac4b5a32427e09ae3f8c705497e39dd88240d7.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4368