1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676

Analysis

max time kernel
145s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 12:52

Target

1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676.dll
Size

397KB
MD5

b2ba0c4d343c744f2e2e26b000df50bc
SHA1

60a688ec805a6bd3462afb506f8e01657d32cbf4
SHA256

1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676
SHA512

d5a81c15e7dffb5cbbe7105e38e6fe457e3b525191f1f0bb1a9bf126c4477b51bcae815ada3cee0eaa67e2c2134c6f116351a53c83d8df9da9d32ff7c0065c7d
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaP:174g2LDeiPDImOkx2LIaP

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3380	rundll32.exe
Token: SeTcbPrivilege	3380	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 3380	2424	rundll32.exe	88
PID 2424 wrote to memory of 3380	2424	rundll32.exe	88
PID 2424 wrote to memory of 3380	2424	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8f873111ff21df9ceb22a3bded93552dd44e90b313d82b4a9a4db561e83676.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3380