70482def975340bd5a0aef7613c130706b297e0da3b8e5d07cc99b4916d37089

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/12/2023, 11:14

Target

70482def975340bd5a0aef7613c130706b297e0da3b8e5d07cc99b4916d37089.dll
Size

397KB
MD5

09fd16c8250ba1ac520603c5fb1b8439
SHA1

0deb3d4325722dd52e3e215fa979d77c5805e179
SHA256

70482def975340bd5a0aef7613c130706b297e0da3b8e5d07cc99b4916d37089
SHA512

683bc76a58e02d423d2a8f1b9f2086d9a60c9eb417a39b82a4f4f44be57746cb51e7dad36c7b29f4b45f3fb7cbb0e4633cb6ed3bb036bc48ef1517e5a7078662
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaN:174g2LDeiPDImOkx2LIaN

Score

1^/10

Suspicious behavior: EnumeratesProcesses 7 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4292	rundll32.exe
Token: SeTcbPrivilege	4292	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4292	3664	rundll32.exe	80
PID 3664 wrote to memory of 4292	3664	rundll32.exe	80
PID 3664 wrote to memory of 4292	3664	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70482def975340bd5a0aef7613c130706b297e0da3b8e5d07cc99b4916d37089.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70482def975340bd5a0aef7613c130706b297e0da3b8e5d07cc99b4916d37089.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4292