3e3d4791e11e0ede728fbd77846c9697bab21142c3020c65c8cc6769968ed7e0

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 07:48

Target

432583d2bdd51fcc8f150ee359e2f48a.dll
Size

752KB
MD5

432583d2bdd51fcc8f150ee359e2f48a
SHA1

9afc6b4284409a37da2e7a23a79cf96bd4692d95
SHA256

3e3d4791e11e0ede728fbd77846c9697bab21142c3020c65c8cc6769968ed7e0
SHA512

6cc8a2b0046c36c73e10143d306107cf5fbc9686516e4a3df30b9cc3917d0c19a0e22e3b30bac25a9c1c6ea41fc08aabf32fe4e2fd9cbdda383ac0346ca60301
SSDEEP

12288:OTxj9RXZQ+ce+cG5YCQk6w5bo9ED0zm0xi+np8hZxW5QM6wGZjhZ3/xE:OVZRXG+zD2Qj/q0xi+p80Dajv

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	628	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 628	2200	rundll32.exe	15
PID 2200 wrote to memory of 628	2200	rundll32.exe	15
PID 2200 wrote to memory of 628	2200	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\432583d2bdd51fcc8f150ee359e2f48a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\432583d2bdd51fcc8f150ee359e2f48a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:628

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/628-0-0x0000000002130000-0x0000000002304000-memory.dmp

Filesize
1.8MB

Download
memory/628-1-0x0000000002130000-0x0000000002304000-memory.dmp

Filesize
1.8MB

Download
memory/628-2-0x0000000002310000-0x00000000024E4000-memory.dmp

Filesize
1.8MB

Download
memory/628-3-0x0000000002130000-0x0000000002304000-memory.dmp

Filesize
1.8MB

Download
memory/628-4-0x0000000002130000-0x0000000002304000-memory.dmp

Filesize
1.8MB

Download
memory/628-6-0x0000000002310000-0x00000000024E4000-memory.dmp

Filesize
1.8MB

Download