15086f4ca115f64cae19eea62e7c7aef187658e766cc6330d8b17b501659a6fb | Triage

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 13:04

Sharing

Report Analysis Logs

General

Target

1962a7103c37ee110ccc5651a79a2208.dll
Size

23KB
MD5

1962a7103c37ee110ccc5651a79a2208
SHA1

2da7231281a04e7c8576f6a6eb8a9ff68ab55f78
SHA256

15086f4ca115f64cae19eea62e7c7aef187658e766cc6330d8b17b501659a6fb
SHA512

30d9792a2aa372554152ece3dcddc9b7b7d75785f706edafbffc82ee73656144f67297614f3198a552170b44926f33a8cf2edf6e837d3ffcbbe7d455ab3533c5
SSDEEP

384:dm8i0UgXbYLI/qHcrSWUymJkWD7coaoFjZ+bXGgfRpKiv:dmZav29vcoFZ+S6R7

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4920	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4920	4716	rundll32.exe	14
PID 4716 wrote to memory of 4920	4716	rundll32.exe	14
PID 4716 wrote to memory of 4920	4716	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1962a7103c37ee110ccc5651a79a2208.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4920

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1962a7103c37ee110ccc5651a79a2208.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads