3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86

Analysis

max time kernel
196s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 16:41

Target

3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll
Size

816KB
MD5

34ab64ffaa8a02347c8329f7d8c76ee4
SHA1

913dda0397eed350fa580e89ad2ac36ea5427eed
SHA256

3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86
SHA512

3a39de8b8287d2f7cd0a820860c28b4535cda4fb320c612b11d00623c0c76a0c5a0db60880bbdf801151fb2b6c139b6e6389bce7027b8b2bee68dc82d400cc6c
SSDEEP

12288:IwiBnssx/mm9cCNJ9bQPRcU99iPRzS55xQOweeec6:IPhxum9NLUZ599ipzS55xQOweeeR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2608	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2608	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 2608	640	rundll32.exe	84
PID 640 wrote to memory of 2608	640	rundll32.exe	84
PID 640 wrote to memory of 2608	640	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b463f187cfae1a0e96cdfaaa23dddabd42c145e1908981182aa910430337a86.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2608