e603f6e04d54113ab943fb3cf1e5b061393ecfbc8acc5940bf0fae50d14aac8f

Analysis

max time kernel
186s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:27

Target

00d7ccf788521b5054af1daa8839238a.dll
Size

306KB
MD5

00d7ccf788521b5054af1daa8839238a
SHA1

eccf96e59231404a9a1bf3d5d192fe2d1fbd1923
SHA256

e603f6e04d54113ab943fb3cf1e5b061393ecfbc8acc5940bf0fae50d14aac8f
SHA512

13e85671b2a99418c5f21eaeee2e4abbc4a6c2bd3e3f52760f31f9ed70986453ff91b656b5d345c56f00e8a6b65ed1f43c9637af40e7dde8e3c8f358eac7d002
SSDEEP

6144:PuGm5wUcSjz41Hlz0hyO4c9cp9PTFkwT98jhOTBOGAZj:2Gmpf/rhjwFkwT+jhOT09V

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5004	1712	WerFault.exe	89

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1712	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4736 wrote to memory of 1712	4736	rundll32.exe	89
PID 4736 wrote to memory of 1712	4736	rundll32.exe	89
PID 4736 wrote to memory of 1712	4736	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00d7ccf788521b5054af1daa8839238a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4736
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00d7ccf788521b5054af1daa8839238a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1712
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 680
    3⤵
    - Program crash
    PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 1712 -ip 1712
1⤵
PID:3420