cf53a4437830cb5e2aeb136bd3091ee6a4b3990de6871ecaf29e0bd614a5346e

Analysis

max time kernel
140s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 11:06

Target

cf53a4437830cb5e2aeb136bd3091ee6a4b3990de6871ecaf29e0bd614a5346e.dll
Size

397KB
MD5

d1555987896287e3295968bb4a2d4751
SHA1

74bf978da081e100b06dc39faaa20389dc693a12
SHA256

cf53a4437830cb5e2aeb136bd3091ee6a4b3990de6871ecaf29e0bd614a5346e
SHA512

e23474d14ae026a56f3b2357bb89a5a3e2575540353eba82d7da4d73570b10e3654669b943f5bd4d87a4f56439431b253fb6b949fe3ea906a47ccc64e9418098
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOay:174g2LDeiPDImOkx2LIay

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5000	rundll32.exe
Token: SeTcbPrivilege	5000	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 5000	1884	rundll32.exe	88
PID 1884 wrote to memory of 5000	1884	rundll32.exe	88
PID 1884 wrote to memory of 5000	1884	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf53a4437830cb5e2aeb136bd3091ee6a4b3990de6871ecaf29e0bd614a5346e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cf53a4437830cb5e2aeb136bd3091ee6a4b3990de6871ecaf29e0bd614a5346e.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5000