aa66e71f875684e592e3fe2cfdeb76a2458222c84a0631abb2f34beb4cddc6f2

Analysis

max time kernel
130s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:45

Target

2a876089433392e0d56c7352b221da51.dll
Size

46KB
MD5

2a876089433392e0d56c7352b221da51
SHA1

9868ee3f8b5bd898365fc287e750f794573647e9
SHA256

aa66e71f875684e592e3fe2cfdeb76a2458222c84a0631abb2f34beb4cddc6f2
SHA512

2c9a9a4a47c25b9a1036cdeb87f745239badb7c8bc4644c9d66bb2492a5e41eb6c53e4a65ef27755aa799e2b4a988ec513074800f27b4def80674e5fbe9d3e20
SSDEEP

768:0YK9yzLhSl5VMw8+5C0T/71/5L2drX9aUBwLOSo5+icyMFgbw6:03oL0Ho0TDL2RsUWdqu6

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4836	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 4836	1884	rundll32.exe	14
PID 1884 wrote to memory of 4836	1884	rundll32.exe	14
PID 1884 wrote to memory of 4836	1884	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a876089433392e0d56c7352b221da51.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4836

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a876089433392e0d56c7352b221da51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1884