bfaf2e1d0fd5d0ca0ce1c91d5fa82e4c179dbc7b40f764a48fc586d9e6d5ead0

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 12:41

Target

bfaf2e1d0fd5d0ca0ce1c91d5fa82e4c179dbc7b40f764a48fc586d9e6d5ead0.dll
Size

397KB
MD5

c6a3b0cce4b28e8656b4b4a840b0c504
SHA1

be10f9b3354f96df8834dce721609634c428c91f
SHA256

bfaf2e1d0fd5d0ca0ce1c91d5fa82e4c179dbc7b40f764a48fc586d9e6d5ead0
SHA512

3831eab8addae4a3ae4d0964e4b19d4a11d7f9879d50b3efbce7059a8bbdbc7d0e012e0bf5792927c2ae4e1269fe0b80862186ff5205a6b2ed63d90d4f89cc8d
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaO:174g2LDeiPDImOkx2LIaO

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3240	rundll32.exe
Token: SeTcbPrivilege	3240	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3240	2076	rundll32.exe	89
PID 2076 wrote to memory of 3240	2076	rundll32.exe	89
PID 2076 wrote to memory of 3240	2076	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfaf2e1d0fd5d0ca0ce1c91d5fa82e4c179dbc7b40f764a48fc586d9e6d5ead0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfaf2e1d0fd5d0ca0ce1c91d5fa82e4c179dbc7b40f764a48fc586d9e6d5ead0.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3240