463dc9aa44572a927853069e57a912f4f9dedc44b5a3bca097187c9868a60912

Analysis

max time kernel
145s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 11:24

Target

463dc9aa44572a927853069e57a912f4f9dedc44b5a3bca097187c9868a60912.dll
Size

397KB
MD5

d2d7af3066c9d81ad8db2476cf780e76
SHA1

d501a931a8a4926559833b040a810f71fb082ac8
SHA256

463dc9aa44572a927853069e57a912f4f9dedc44b5a3bca097187c9868a60912
SHA512

f402876da259d1defd2d7d6fb021d9405574a7ecbe27e0e8340987a784d5e7d28db63c2e0a7df1295fde09b095b6a3ea2b0c11ee008be528a55d8dfe1ad34227
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOai:174g2LDeiPDImOkx2LIai

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	rundll32.exe
Token: SeTcbPrivilege	2916	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 2916	3440	rundll32.exe	91
PID 3440 wrote to memory of 2916	3440	rundll32.exe	91
PID 3440 wrote to memory of 2916	3440	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\463dc9aa44572a927853069e57a912f4f9dedc44b5a3bca097187c9868a60912.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\463dc9aa44572a927853069e57a912f4f9dedc44b5a3bca097187c9868a60912.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2916