951302ec70ed0ac693aa90b9c9723ecfe97e58ac91ecb83bb2ed3e000006dc5a

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:45

Target

02278d182cc8264d57a1349034223c2b.dll
Size

77KB
MD5

02278d182cc8264d57a1349034223c2b
SHA1

a0bd35ef4b64d17c2ae683614b217b5fefda9858
SHA256

951302ec70ed0ac693aa90b9c9723ecfe97e58ac91ecb83bb2ed3e000006dc5a
SHA512

cbad9185b2112e1d2529209b2fdf51f80b74784b6a99c28d1527701928fb32a786f6c03eea6e2552d6d6f2d610374d5f0f25f2a37fe0e0723ef233dde5f1eb52
SSDEEP

1536:DBYyqyQpzJhaEmUFVV9rWmF5j65kzVS41XBt8WLu:VIPbmUFVV9rj52bmv8W

Score

1^/10

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	1844	rundll32.exe
Token: SeSecurityPrivilege	1844	rundll32.exe
Token: SeTakeOwnershipPrivilege	1844	rundll32.exe
Token: SeLoadDriverPrivilege	1844	rundll32.exe
Token: SeSystemProfilePrivilege	1844	rundll32.exe
Token: SeSystemtimePrivilege	1844	rundll32.exe
Token: SeProfSingleProcessPrivilege	1844	rundll32.exe
Token: SeIncBasePriorityPrivilege	1844	rundll32.exe
Token: SeCreatePagefilePrivilege	1844	rundll32.exe
Token: SeBackupPrivilege	1844	rundll32.exe
Token: SeRestorePrivilege	1844	rundll32.exe
Token: SeShutdownPrivilege	1844	rundll32.exe
Token: SeDebugPrivilege	1844	rundll32.exe
Token: SeSystemEnvironmentPrivilege	1844	rundll32.exe
Token: SeRemoteShutdownPrivilege	1844	rundll32.exe
Token: SeUndockPrivilege	1844	rundll32.exe
Token: SeManageVolumePrivilege	1844	rundll32.exe
Token: 33	1844	rundll32.exe
Token: 34	1844	rundll32.exe
Token: 35	1844	rundll32.exe
Token: 36	1844	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1844	2508	rundll32.exe	77
PID 2508 wrote to memory of 1844	2508	rundll32.exe	77
PID 2508 wrote to memory of 1844	2508	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\02278d182cc8264d57a1349034223c2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\02278d182cc8264d57a1349034223c2b.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1844

memory/1844-0-0x0000000077352000-0x0000000077353000-memory.dmp

Filesize
4KB

Download
memory/1844-1-0x0000000077352000-0x0000000077353000-memory.dmp

Filesize
4KB

Download
memory/1844-2-0x0000000076380000-0x0000000076470000-memory.dmp

Filesize
960KB

Download
memory/1844-3-0x0000000076380000-0x0000000076470000-memory.dmp

Filesize
960KB

Download