bbe374810c494d1658a64415742b22c7701abca03dd59edea5efae4b8a669228

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2023 13:59

Target

bbe374810c494d1658a64415742b22c7701abca03dd59edea5efae4b8a669228.dll
Size

397KB
MD5

ed2cd62b3dfe8722b1f1cde8838f038b
SHA1

a80fdb3f544a0c57d1d22c998c8a2bbc7aaa06ac
SHA256

bbe374810c494d1658a64415742b22c7701abca03dd59edea5efae4b8a669228
SHA512

8dc1c644d8d34308277156680b1d898b7fdd694709dd00a751d24a45f23139cda496bbcd5ece5cbd3644c8746c6dddbc7397ddcc3e1f965127bb439d39e77544
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOal:174g2LDeiPDImOkx2LIal

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	880	rundll32.exe
Token: SeTcbPrivilege	880	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3784 wrote to memory of 880	3784	rundll32.exe	55
PID 3784 wrote to memory of 880	3784	rundll32.exe	55
PID 3784 wrote to memory of 880	3784	rundll32.exe	55

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe374810c494d1658a64415742b22c7701abca03dd59edea5efae4b8a669228.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe374810c494d1658a64415742b22c7701abca03dd59edea5efae4b8a669228.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:880