7dfa9b34f3647f56c5508cb86800fc35ae504b499826efa01f4d8bca0c4176dc

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 08:34

Target

1249410eeed6e62d2c69053f0a0edd2b.dll
Size

162KB
MD5

1249410eeed6e62d2c69053f0a0edd2b
SHA1

ac87a27e66c1a75a069ce08b35fbcbbb2d88877a
SHA256

7dfa9b34f3647f56c5508cb86800fc35ae504b499826efa01f4d8bca0c4176dc
SHA512

3261d595f6afca9e44411f839d52a1487107b4f893de00b1b0086257f74beb30c17491cf9506af37c3b1e0f5f8f8000fd29e74b3ce3bdf0b85b1615a46e20e3c
SSDEEP

3072:vEZB94/pzXckR9TsCz8fjfkjJmh02zW7GDkHxSmwAg:vGABzMg9ngQ1mh07ywS7Ag

Score

8^/10

Blocklisted process makes network request 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1848	rundll32.exe
Token: SeDebugPrivilege	1848	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 1848	8	rundll32.exe	61
PID 8 wrote to memory of 1848	8	rundll32.exe	61
PID 8 wrote to memory of 1848	8	rundll32.exe	61

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1249410eeed6e62d2c69053f0a0edd2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1249410eeed6e62d2c69053f0a0edd2b.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious use of AdjustPrivilegeToken
  PID:1848

memory/1848-3-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-4-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-5-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-6-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-7-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-9-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-10-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-13-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1848-15-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download