767f16a4918e7d8d06d4f49bfc06a209e71fbf9dd6ff830befb8e88287a3ac5a

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2023, 03:12

Target

767f16a4918e7d8d06d4f49bfc06a209e71fbf9dd6ff830befb8e88287a3ac5a.dll
Size

1.6MB
MD5

eb3fe97fae733739cf599f8217c8cc70
SHA1

a97e15506ac400a9069e7e2333c28c646b97e2c0
SHA256

767f16a4918e7d8d06d4f49bfc06a209e71fbf9dd6ff830befb8e88287a3ac5a
SHA512

79c318fb951a2cd8280b31a652ce9b2def5eaa196154d9c2f2adee831571959fe88e70b78d3cd190c4fd1da2973215bc3d880fba4dfc5d6c78582d0c5c0fbae0
SSDEEP

12288:174g2LDeiPDImOkx2LIaQOp+UUUUUg01PkyfEQQjYjuD:185LlP0mOkx2LFzIUUUUUOYjK

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4552	rundll32.exe
Token: SeTcbPrivilege	4552	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 4552	400	rundll32.exe	84
PID 400 wrote to memory of 4552	400	rundll32.exe	84
PID 400 wrote to memory of 4552	400	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\767f16a4918e7d8d06d4f49bfc06a209e71fbf9dd6ff830befb8e88287a3ac5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\767f16a4918e7d8d06d4f49bfc06a209e71fbf9dd6ff830befb8e88287a3ac5a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4552