0ff4d360ee17be6547d36eb7fe027777575c83f011714eac0a0994c801ee37ff

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 07:53

Target

0ff4d360ee17be6547d36eb7fe027777575c83f011714eac0a0994c801ee37ff.dll
Size

397KB
MD5

4f7c20fcce0f8f4fbb00ed7dc1a32617
SHA1

ab689b2237cda5011e9208ca32fcaf3fdf7f106b
SHA256

0ff4d360ee17be6547d36eb7fe027777575c83f011714eac0a0994c801ee37ff
SHA512

a5ef1d6bf2494d78f1e25f30d8db71cd3140ddea74e8acceaa7b42c7de2b251781d2de511e067f288bb00dac8eb22818724512e57a7ae2c833dd1109f949292f
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOan:174g2LDeiPDImOkx2LIan

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3160	rundll32.exe
Token: SeTcbPrivilege	3160	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3160	2248	rundll32.exe	88
PID 2248 wrote to memory of 3160	2248	rundll32.exe	88
PID 2248 wrote to memory of 3160	2248	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ff4d360ee17be6547d36eb7fe027777575c83f011714eac0a0994c801ee37ff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0ff4d360ee17be6547d36eb7fe027777575c83f011714eac0a0994c801ee37ff.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3160