0d03f84677e988afda2e19b7deeef2b00aca48481af65ce73fb1bc0bb32493d4

Analysis

max time kernel
147s
max time network
59s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 00:35

Target

08b4f408a7d69acb2e36338a9f93014b.dll
Size

218KB
MD5

08b4f408a7d69acb2e36338a9f93014b
SHA1

dc0a5506c48f082ef7d9eb916e392162c2028352
SHA256

0d03f84677e988afda2e19b7deeef2b00aca48481af65ce73fb1bc0bb32493d4
SHA512

dffc47a83f25ff11801d6fd2b0f895c1687e8c2e4f3a9d10a0d4374969c82a5e1074edf764eaa1975d35577a11f2be2c326564ab5b83078c726b4f2cd79639a7
SSDEEP

3072:rnarfZWf7yrC8UbgHOj5nmz78s9PhlGA/pUENiJyqtr/cfNBgTBfsMnQloy:rnalRAguj5E7V9PGAOAUYgTBUMO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2348	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2348	2932	rundll32.exe	14
PID 2932 wrote to memory of 2348	2932	rundll32.exe	14
PID 2932 wrote to memory of 2348	2932	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b4f408a7d69acb2e36338a9f93014b.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2348

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\08b4f408a7d69acb2e36338a9f93014b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932

memory/2348-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download