774dedd605c111baf313ee81be57f35ed76499281450a931e10fe9617fe81e73 | Triage

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 14:44

Sharing

Report Analysis Logs

General

Target

269e4e605ee34f0bb6e149bf952bce27.dll
Size

32KB
MD5

269e4e605ee34f0bb6e149bf952bce27
SHA1

64653741341e9d46091f5840af77203b6f1ca3c8
SHA256

774dedd605c111baf313ee81be57f35ed76499281450a931e10fe9617fe81e73
SHA512

6afef143032bc46a8d8bc040cd19c871305bf88e84ec51d83b762837a08d5ddc914ce772e3c27d3bc40356658470a08e918887dd64c994fa8dbce6dd68adb304
SSDEEP

768:upCmoi6qZOpQB5ZpOc06HCMH/sJ2Fvu7s9C84ZZ:ugmv6qZ4QxpP0AtH0J6O

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5096	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 5096	436	rundll32.exe	14
PID 436 wrote to memory of 5096	436	rundll32.exe	14
PID 436 wrote to memory of 5096	436	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\269e4e605ee34f0bb6e149bf952bce27.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5096

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\269e4e605ee34f0bb6e149bf952bce27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads