b57a63f44b7970a4d7a14a614dfb032398c7a38065628ece1eb55fe48c086504

Analysis

max time kernel
141s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 13:54

Target

b57a63f44b7970a4d7a14a614dfb032398c7a38065628ece1eb55fe48c086504.dll
Size

397KB
MD5

557d6881dc75a7729df9b45f6a22d0f2
SHA1

06d9734ea844498c5c0caf04e6db9d9db4fbb472
SHA256

b57a63f44b7970a4d7a14a614dfb032398c7a38065628ece1eb55fe48c086504
SHA512

04b8dc59f3db05722d1b56bfb1995c486bc352e1e80098366fdb9f66243dd4b3a53b696311a33c31d82ebaf916b223f0812cc6ee4220639ece74a6c35206ffe4
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOae:174g2LDeiPDImOkx2LIae

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2944	rundll32.exe
Token: SeTcbPrivilege	2944	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 2944	4824	rundll32.exe	89
PID 4824 wrote to memory of 2944	4824	rundll32.exe	89
PID 4824 wrote to memory of 2944	4824	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b57a63f44b7970a4d7a14a614dfb032398c7a38065628ece1eb55fe48c086504.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b57a63f44b7970a4d7a14a614dfb032398c7a38065628ece1eb55fe48c086504.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2944