4d267c484290d853547eb5dd42a10b6f10bf8e51122fff21c63f50e733c5305b

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
15/11/2023, 09:01

Target

4d267c484290d853547eb5dd42a10b6f10bf8e51122fff21c63f50e733c5305b.dll
Size

816KB
MD5

664492095d07bf8c0d98266e85403011
SHA1

bb6d5264bb9e10fcb18a31aa6dea7647cf5ae9e5
SHA256

4d267c484290d853547eb5dd42a10b6f10bf8e51122fff21c63f50e733c5305b
SHA512

0ea0e7797d14f8bd9bfb50e204030d768399d2b634b15d3f6eccbc782d12153f8cbf0f6c041a6313461666a16221dce0ecb65e73153370476a17fa8b6b4363cb
SSDEEP

12288:DZZM9CLJ/rdk0vZJ9B+6Hf99iPRPLZ1355xQOweee7cxT:DQoJjd9ZL0Af99ipTH55xQOweeeAxT

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4996	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4996	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4340 wrote to memory of 4996	4340	rundll32.exe	58
PID 4340 wrote to memory of 4996	4340	rundll32.exe	58
PID 4340 wrote to memory of 4996	4340	rundll32.exe	58

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d267c484290d853547eb5dd42a10b6f10bf8e51122fff21c63f50e733c5305b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d267c484290d853547eb5dd42a10b6f10bf8e51122fff21c63f50e733c5305b.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4996