08d9cc9df0f3b1467038fc2921c6629998a5ee54e93f45687deedd4acdbbb73b

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2023 00:39

Target

Android Image Kitchen/android_win_tools/cygbz2-1.dll
Size

65KB
MD5

c87972fc61f9ccef9b5b1d6cf28baf9a
SHA1

7666432d0614ee4ed79ff14d9dc85c352c6259a7
SHA256

7ca300ab53e10707c98a79e040266136f15e62e1c4160aa80bd7a972d3d33537
SHA512

261e0c730933e0e94a2c8af3261e9ee7886f830de07e8e0db7315168f69d3000603b2e024eccf8561a924cacc0f1afcf4478ca06b4405680583e28a25527e5c9
SSDEEP

1536:nZ5nYh12yUkC2D8OQn2IqM6gikWDc2EnmoKsaACE2D8OQn2IqM20EQwLMncqHL4D:njYh5UkC2D8OQn2IqM6gikWDc2EnmoKJ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

rundll32.exe

description pid process

Token: SeRestorePrivilege 1944 rundll32.exe
Token: SeBackupPrivilege 1944 rundll32.exe
Token: SeDebugPrivilege 1944 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1856 wrote to memory of 1944	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 1944	1856	rundll32.exe	rundll32.exe
PID 1856 wrote to memory of 1944	1856	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Android Image Kitchen\android_win_tools\cygbz2-1.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Android Image Kitchen\android_win_tools\cygbz2-1.dll",#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1944

memory/1944-133-0x0000000065F50000-0x0000000065F67000-memory.dmp

Filesize
92KB

Download
memory/1944-134-0x0000000061000000-0x00000000614F0000-memory.dmp

Filesize
4.9MB

Download