13ebc58483ffd78ed294096ebcb7020c422ca63576b8312d743451387996201e

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
13-06-2023 10:37

Target

ff8c8c8bfba5f2ba2f8003255949678df209dbff95e16f2f3c338cfa0fd1b885.dll
Size

490KB
MD5

b7fed593e8eb3646f876367b56725e6c
SHA1

9e7a2464f53ce74d840eb84077472bc29fd1ba05
SHA256

ff8c8c8bfba5f2ba2f8003255949678df209dbff95e16f2f3c338cfa0fd1b885
SHA512

ef102b4d26a3db6064ad35d2d42f1b3a075c603dd2454fff41092863e5373e3a77d1d230902767798683a9e8b2d53cf7dd5f5fcf82738ababca39df60b2a2a86
SSDEEP

12288:eYLqJ60GhUrH16yGIalE1LYNj/OuoU+f8Q3lDlKx/4ux0SQmG:bqM0GhUrHMUYNj/OuoVf8QVDG/NG

Score

8^/10

Blocklisted process makes network request 21 IoCs

Processes:

rundll32.exe

Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-36D3-AAHC-AB80CA35AH5B6}.job rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

832 rundll32.exe
832 rundll32.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

rundll32.exe

description pid process

Token: SeDebugPrivilege 832 rundll32.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

description	ioc	process
File created	C:\Windows\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-36D3-AAHC-AB80CA35AH5B6}.job	rundll32.exe

pid	process
832	rundll32.exe
832	rundll32.exe

description	pid	process
Token: SeDebugPrivilege	832	rundll32.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact