d175edae82e3eb5f66a53f9384de0183fabd6ce9007672cb41688f29fc392b82

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2023, 19:46

Target

NEAS.1b1ded376e4506b6d14076b3f6ef5dd0.dll
Size

29KB
MD5

1b1ded376e4506b6d14076b3f6ef5dd0
SHA1

a511a966c1ed77c0a83d16314dfaa910e01a7fdc
SHA256

d175edae82e3eb5f66a53f9384de0183fabd6ce9007672cb41688f29fc392b82
SHA512

edcbcdc2375b900cdb9fab8d56038afa506c3a5e55497f4096dad7ef0c891571fe25e16e94a24e6fe78a77afad52703155b402d8b51ecb0e2b6b555db9187364
SSDEEP

384:/i3WlhWUyAA0GftpBjq1/qqg6x15l2wwi8OIunFWlwwwlJCejOJf7niPKOIim/T1:/iiDiM1/RgY1yw+gFWlE6eojiTZKT1

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3764	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.1b1ded376e4506b6d14076b3f6ef5dd0.dll,#1
1⤵
PID:836

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1668

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3764

memory/3764-0-0x0000016392C40000-0x0000016392C50000-memory.dmp

Filesize
64KB

Download
memory/3764-16-0x0000016392D40000-0x0000016392D50000-memory.dmp

Filesize
64KB

Download
memory/3764-32-0x000001639B020000-0x000001639B021000-memory.dmp

Filesize
4KB

Download
memory/3764-34-0x000001639B050000-0x000001639B051000-memory.dmp

Filesize
4KB

Download
memory/3764-35-0x000001639B050000-0x000001639B051000-memory.dmp

Filesize
4KB

Download
memory/3764-36-0x000001639B160000-0x000001639B161000-memory.dmp

Filesize
4KB

Download