cfc674214cdb78a69ca65851c284ea9dbb6ccc70bcfd1963b5b4a80fa662343d

Analysis

max time kernel
130s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 13:56

Target

cfc674214cdb78a69ca65851c284ea9dbb6ccc70bcfd1963b5b4a80fa662343d.dll
Size

397KB
MD5

49d38b7a37e00fcb11a460e87cbc55ae
SHA1

556d033d9b6307eb5e7d696f354db456e1e52196
SHA256

cfc674214cdb78a69ca65851c284ea9dbb6ccc70bcfd1963b5b4a80fa662343d
SHA512

d70543811f87f0439ae00959604995382c3643947583352f23de5d47271c702572e0c3989d4afc1b8ba881360fdadfa167f4b571ea850c66d67e96222c85d8dc
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaz:174g2LDeiPDImOkx2LIaz

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4852	rundll32.exe
Token: SeTcbPrivilege	4852	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4348 wrote to memory of 4852	4348	rundll32.exe	14
PID 4348 wrote to memory of 4852	4348	rundll32.exe	14
PID 4348 wrote to memory of 4852	4348	rundll32.exe	14

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfc674214cdb78a69ca65851c284ea9dbb6ccc70bcfd1963b5b4a80fa662343d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4348