156687a11f59eda9f1b07eb2d064ad4537ff817b0e292f246dcf92fcc044a8dd

Analysis

max time kernel
201s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 12:32

Target

156687a11f59eda9f1b07eb2d064ad4537ff817b0e292f246dcf92fcc044a8dd.dll
Size

397KB
MD5

c28243eaa4ad3f7932b68727ff49846a
SHA1

b02384130ad94d7122d73c755d531328cf26c16b
SHA256

156687a11f59eda9f1b07eb2d064ad4537ff817b0e292f246dcf92fcc044a8dd
SHA512

a3eb84e5fc5537e1e85ac123d90170829871e3697d16e371d0e44676a59542f33b223fdf39f716acb1d2a2d6be96eca5348e9f1d73cde385459c264ae312ebbd
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaq:174g2LDeiPDImOkx2LIaq

Score

1^/10

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5020	rundll32.exe
Token: SeTcbPrivilege	5020	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 5020	3416	rundll32.exe	89
PID 3416 wrote to memory of 5020	3416	rundll32.exe	89
PID 3416 wrote to memory of 5020	3416	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\156687a11f59eda9f1b07eb2d064ad4537ff817b0e292f246dcf92fcc044a8dd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\156687a11f59eda9f1b07eb2d064ad4537ff817b0e292f246dcf92fcc044a8dd.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5020