c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97

Analysis

max time kernel
165s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 11:32

Target

c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97.dll
Size

397KB
MD5

02c771d4c5b644432ef09559eb7ca12b
SHA1

8a564ca6aaca27bc6141c508e1e5d7b6ef53d280
SHA256

c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97
SHA512

3b84ccf347097d6a6dcfb3905d63da71c7307f034ac5875c4e7eebdff9d2cbb03f5b9016d72040fc0e7bc3f378a0f04b29993f8f4d8ed8c3adb1b374fa828eee
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaw:174g2LDeiPDImOkx2LIaw

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3480	rundll32.exe
Token: SeTcbPrivilege	3480	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 3480	5096	rundll32.exe	90
PID 5096 wrote to memory of 3480	5096	rundll32.exe	90
PID 5096 wrote to memory of 3480	5096	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0c75333ee0fc54167936b0ab4534f9b0deda37c3a7f2523a7e34bf049762f97.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3480