e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/01/2024, 07:43

Target

e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9.dll
Size

397KB
MD5

22ab7848fa43352bee2f2a6b606df162
SHA1

99f15bf13c8c30fcdda0e3a0da9bf94c1c4dac3d
SHA256

e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9
SHA512

ab025c7813556fdb174de462ed42ffa21e534fb436cf454591628a08fdd6c7b1f3e4825c5a9220604ea1b062be135a41e64a6125837e80414a2367ce51c9c28c
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaG:174g2LDeiPDImOkx2LIaG

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3756	3736	WerFault.exe	14

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3736	rundll32.exe
Token: SeTcbPrivilege	3736	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 3736	3480	rundll32.exe	14
PID 3480 wrote to memory of 3736	3480	rundll32.exe	14
PID 3480 wrote to memory of 3736	3480	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 716
  2⤵
  - Program crash
  PID:3756

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2ebfddba7cd85f9bbe61c64d5b3040c0047320ebe18808723fb33496b18a6f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3736 -ip 3736
1⤵
PID:4356