dec9c4f97a3e0c20c223429b4b13bbe1df2f1200c4e28aa5d47ddd742942f483

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 11:06

Target

dec9c4f97a3e0c20c223429b4b13bbe1df2f1200c4e28aa5d47ddd742942f483.dll
Size

397KB
MD5

fd3d6e84d01aa26aa02b9f9fb4cc6daa
SHA1

e51a7b5794eee413f535cfd4c866a7ac405665d1
SHA256

dec9c4f97a3e0c20c223429b4b13bbe1df2f1200c4e28aa5d47ddd742942f483
SHA512

4af0aeced1a7b50d377ea4843610efaf838248ac593a388ca1887bd829ee38e3fe5063d49cc2b5d344b1b8d5780c7c13623ff303af8287a789b8cfedc1252663
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaw:174g2LDeiPDImOkx2LIaw

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1400	rundll32.exe
Token: SeTcbPrivilege	1400	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 1400	228	rundll32.exe	53
PID 228 wrote to memory of 1400	228	rundll32.exe	53
PID 228 wrote to memory of 1400	228	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dec9c4f97a3e0c20c223429b4b13bbe1df2f1200c4e28aa5d47ddd742942f483.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dec9c4f97a3e0c20c223429b4b13bbe1df2f1200c4e28aa5d47ddd742942f483.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1400