641aa0fd53c92035cba6fd776ebe9d4e6db4ddecc153fa35d996212856c13ffa

Analysis

max time kernel
118s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14-10-2023 01:47

Target

641aa0fd53c92035cba6fd776ebe9d4e6db4ddecc153fa35d996212856c13ffa.dll
Size

4.3MB
MD5

7173061743ef870850ffe3b40b102f41
SHA1

fb19ff60693274b67706c575ca907b8796d3bef9
SHA256

641aa0fd53c92035cba6fd776ebe9d4e6db4ddecc153fa35d996212856c13ffa
SHA512

9e66277a9d7e5f05aade33c93dfc5ed89846f17d9a4e43636c696d25a3e65f46616fea6a73f1e0471fbd0c1e8232d43941ed16b9432f8545f88b293beaa88522
SSDEEP

98304:pzjN0yrpR3fSyKUsA29AzaefhjzbWMSK0B/uWHbLVf:AKSJVAxbq/DNf

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
11	1064	rundll32.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WindowSystemNewUpdate72.log	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1064	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1064	4876	rundll32.exe	82
PID 4876 wrote to memory of 1064	4876	rundll32.exe	82
PID 4876 wrote to memory of 1064	4876	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\641aa0fd53c92035cba6fd776ebe9d4e6db4ddecc153fa35d996212856c13ffa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\641aa0fd53c92035cba6fd776ebe9d4e6db4ddecc153fa35d996212856c13ffa.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1064