be41dfeca43c14c5f185e99eb5861d04140dcbb1e29b34f35f047bcf1c6cfd28

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
13-07-2023 14:06

Target

5cc8c9f2c9cee543ebac306951e30e63eff3ee103c62dadcd2ce43ef68bc7487.dll
Size

377KB
MD5

89c8afc5bbd34f160d8a2b7218b9ca4a
SHA1

16ecf30ff8c7887037a17a3eaffcb17145b69160
SHA256

5cc8c9f2c9cee543ebac306951e30e63eff3ee103c62dadcd2ce43ef68bc7487
SHA512

d3514ad875aa6174f66c0571ef29443deb0fb28ebaeb39799059354a36ad1d1613abe17f85277aae3807a327ea4e8445a7d09564d264e424fea561ee753cc13c
SSDEEP

6144:2VE9aLDdi6s59zSWSvbcIwjeyEzMqD/WTdKj7O2dEwq6bqV124Kk9:yE4XbsHzSW+ZzMqDuQple124T9

Score

8^/10

Blocklisted process makes network request 21 IoCs

Processes:

rundll32.exe

Drops file in Windows directory 1 IoCs

Processes:

rundll32.exe

description ioc process

File created C:\Windows\Tasks\NvTmRep_CrashReport4_{F2FE1952-0186-36D3-AAHC-CB80CA35AH5B6}.job rundll32.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

rundll32.exe

pid process

4452 rundll32.exe
4452 rundll32.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

rundll32.exe

description pid process

Token: SeDebugPrivilege 4452 rundll32.exe
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

description	ioc	process
File created	C:\Windows\Tasks\NvTmRep_CrashReport4_{F2FE1952-0186-36D3-AAHC-CB80CA35AH5B6}.job	rundll32.exe

pid	process
4452	rundll32.exe
4452	rundll32.exe

description	pid	process
Token: SeDebugPrivilege	4452	rundll32.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact