33ce3f67c5596cc9c71655693445483a80a4ca8b1a1b23c41ba8eb5a233d362a

Analysis

max time kernel
143s
max time network
90s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 14:14

Target

249b075ecad5eeb3f2c801696b30f116.dll
Size

33KB
MD5

249b075ecad5eeb3f2c801696b30f116
SHA1

ccd2966059f8723e50594f7c1bf6c288bcea9e75
SHA256

33ce3f67c5596cc9c71655693445483a80a4ca8b1a1b23c41ba8eb5a233d362a
SHA512

18fffd3163cc013b1759063c51cc9917ce3603e3b256032d8a7ee9d6b186d9f1b263e513c7af6585ed27451bf594c2c8db39012821bd907e7bc368abb5e8ad28
SSDEEP

768:U+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:U+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3800	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 3800	220	rundll32.exe	16
PID 220 wrote to memory of 3800	220	rundll32.exe	16
PID 220 wrote to memory of 3800	220	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\249b075ecad5eeb3f2c801696b30f116.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3800

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\249b075ecad5eeb3f2c801696b30f116.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:220