a60fb208a8f82a4a907fee512a961c652eebc8a5fd045358c560ffbf5249bba0

Analysis

max time kernel
155s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:11

Target

a60fb208a8f82a4a907fee512a961c652eebc8a5fd045358c560ffbf5249bba0.dll
Size

11KB
MD5

078b67c7a5f664a5a754df3142d13660
SHA1

23fb6a36da317f74b4fe89198d0f40cb8c7ea07d
SHA256

a60fb208a8f82a4a907fee512a961c652eebc8a5fd045358c560ffbf5249bba0
SHA512

035b2dd360eb5dc648854f1e7df0ce2ce01fd9fb248e822cfec6b31edcec84caef4833808f6576d31404dedffbda92da9e4e1a0dc08c46ead0c5cd0d808fc401
SSDEEP

192:rr/TbOble8zdbEwPxK/F3blsyid2ITsPgoOYKHBgxJkgj8RmAwzkfF4ICyzysx9K:rr/ge8zdTyBsyqAIZhgxigjrrzkfF3LC

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4436	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 4436	2260	rundll32.exe	79
PID 2260 wrote to memory of 4436	2260	rundll32.exe	79
PID 2260 wrote to memory of 4436	2260	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a60fb208a8f82a4a907fee512a961c652eebc8a5fd045358c560ffbf5249bba0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a60fb208a8f82a4a907fee512a961c652eebc8a5fd045358c560ffbf5249bba0.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4436

memory/4436-133-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download