e2edbdd330016e723a031534c0ca0d4b5d7a209bf973ed67cde1ea611bbee08c

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 12:35

Target

e2edbdd330016e723a031534c0ca0d4b5d7a209bf973ed67cde1ea611bbee08c.dll
Size

397KB
MD5

afa15fa1b5bfbf98de7fecd4e4dca471
SHA1

d7559e9ec3aab5c54d879c4b5ca4ae374d56f32e
SHA256

e2edbdd330016e723a031534c0ca0d4b5d7a209bf973ed67cde1ea611bbee08c
SHA512

5b1ea00ab4d4c74f6db652fdac3a948e5165d7cc9f4cd266278f6dded7fccb9f0c0daaf86793d67dd87c057fe6f3aa707401bbc6d5f085ef65326d6c2557029a
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa3:174g2LDeiPDImOkx2LIa3

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
820	1952	WerFault.exe	86

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1952	rundll32.exe
Token: SeTcbPrivilege	1952	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 1952	3300	rundll32.exe	86
PID 3300 wrote to memory of 1952	3300	rundll32.exe	86
PID 3300 wrote to memory of 1952	3300	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2edbdd330016e723a031534c0ca0d4b5d7a209bf973ed67cde1ea611bbee08c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e2edbdd330016e723a031534c0ca0d4b5d7a209bf973ed67cde1ea611bbee08c.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1952
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 696
    3⤵
    - Program crash
    PID:820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1952 -ip 1952
1⤵
PID:5112