a2a4f59ecd3edcb9b08dbcc821de6088a6d6e6f67d6b59cfbc4b97fee53042cc

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:45

Target

24ff001bba9f90d837de88a889da1d1d.dll
Size

87KB
MD5

24ff001bba9f90d837de88a889da1d1d
SHA1

b59db1160084401a6808182f35da7fba5c1932a1
SHA256

a2a4f59ecd3edcb9b08dbcc821de6088a6d6e6f67d6b59cfbc4b97fee53042cc
SHA512

f92820e750b1219a3146458331580b6dca6f4dfced28e1f412b8f76671772c71eab8e95b780cdd6764e43c9242c914248df75dc5bf178bbe38e5c23458cc54d4
SSDEEP

1536:0VLjixx93H9j2vdl5sXZgDbgznDUMpf62p8hth4Cvyh9VyVn+ZqOGjGS3:C/ixx9X9CvPCEYm/h4CvyNyVn0yGS3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1384	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 8 wrote to memory of 1384	8	rundll32.exe	87
PID 8 wrote to memory of 1384	8	rundll32.exe	87
PID 8 wrote to memory of 1384	8	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24ff001bba9f90d837de88a889da1d1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:8
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24ff001bba9f90d837de88a889da1d1d.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1384