e1308c1913052059310c3d8df8d323eb35f1300666fc6945b505fc3b56dd92f9

Analysis

max time kernel
139s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 12:53

Target

e1308c1913052059310c3d8df8d323eb35f1300666fc6945b505fc3b56dd92f9.dll
Size

397KB
MD5

b8b67bdbc63a31577ba825a1d8edabda
SHA1

b690135ffde58dc131a739c0cf77deb18d557432
SHA256

e1308c1913052059310c3d8df8d323eb35f1300666fc6945b505fc3b56dd92f9
SHA512

16c33360cf37584d118ad131199b2055cffc1273072db4620b3ccc058f52cceb47b014de7990d892b5d407e2a16da7bb31f848241d354c4606836a214508d3fb
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa4:174g2LDeiPDImOkx2LIa4

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1524	rundll32.exe
Token: SeTcbPrivilege	1524	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 1524	2972	rundll32.exe	16
PID 2972 wrote to memory of 1524	2972	rundll32.exe	16
PID 2972 wrote to memory of 1524	2972	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1308c1913052059310c3d8df8d323eb35f1300666fc6945b505fc3b56dd92f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1308c1913052059310c3d8df8d323eb35f1300666fc6945b505fc3b56dd92f9.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1524