86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 14:09

Target

86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556.dll
Size

397KB
MD5

6a8e1f369f7f30b5e90d344e22cf422c
SHA1

f9aea0807c08f863c761601af5b097ecad67b2ef
SHA256

86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556
SHA512

f5963a1e47b2de126140e59dc91fb839ff79a9d30d15f89b65ef2e3aab9ead434318ad9abd85abb28511b2806a73b88837b3b66d089f8edb91c68169c5673b45
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaO:174g2LDeiPDImOkx2LIaO

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	rundll32.exe
Token: SeTcbPrivilege	4900	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 4900	1092	rundll32.exe	65
PID 1092 wrote to memory of 4900	1092	rundll32.exe	65
PID 1092 wrote to memory of 4900	1092	rundll32.exe	65

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\86cd1cc40bbead8e603ade8e329379353b68958e8a30a1374bbb73b0cbf53556.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4900