bd9d9b3e29baa8c4bf055fb2868a197bcfb9363d1407bff9e8651b5f66bb8bd8

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:10

Target

11ce8210329e0cb7beccf59092da1226.dll
Size

12KB
MD5

11ce8210329e0cb7beccf59092da1226
SHA1

460db70cb2af705518849f91a52f3c29a9a50579
SHA256

bd9d9b3e29baa8c4bf055fb2868a197bcfb9363d1407bff9e8651b5f66bb8bd8
SHA512

0401d0ce78d5a2648138410cb81107579ef4a11c757d7ae928c5e5116e4f4ef16673e2beb9be0a55912f89b8e25255df38b9e75828826a1af4e066d5a5933b31
SSDEEP

192:ghTPKBMRxqMa3PN65UeOjPmCf/oCwJULtFpPoRB8Up26r4jcvTPIgXjlkgUw9Sl:QY0qd3l61wPRrwwvpkxp22TIg+vl

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
664	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2432	rundll32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2432	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2432	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2432	2372	rundll32.exe	87
PID 2372 wrote to memory of 2432	2372	rundll32.exe	87
PID 2372 wrote to memory of 2432	2372	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11ce8210329e0cb7beccf59092da1226.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\11ce8210329e0cb7beccf59092da1226.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:2432

memory/2432-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download