8ef15379d1e725d7150f4be7e45f19cb4561dd0e783ba5abd38652ee529e0f9d

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 12:01

Target

8ef15379d1e725d7150f4be7e45f19cb4561dd0e783ba5abd38652ee529e0f9d.dll
Size

397KB
MD5

3b77bb398919fa4e6714371c29b9eff0
SHA1

e2ae4b746da01271d7203a40dd84d25cb4809116
SHA256

8ef15379d1e725d7150f4be7e45f19cb4561dd0e783ba5abd38652ee529e0f9d
SHA512

c4660ce21403a1fe6f5dfc662fac84f53e4f7674dea5bec9fccf679b66da9c7ee70f8d6e1344489d6a96eefc6aec5967ed36c0dfbef0313a23007b3f6aa73865
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOau:174g2LDeiPDImOkx2LIau

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4544	rundll32.exe
Token: SeTcbPrivilege	4544	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 4544	1616	rundll32.exe	85
PID 1616 wrote to memory of 4544	1616	rundll32.exe	85
PID 1616 wrote to memory of 4544	1616	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ef15379d1e725d7150f4be7e45f19cb4561dd0e783ba5abd38652ee529e0f9d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ef15379d1e725d7150f4be7e45f19cb4561dd0e783ba5abd38652ee529e0f9d.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4544