0cfc1709cff228b0000dd81efac7e258e2726eb3fe573c36994de2264944ec32

Analysis

max time kernel
158s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 13:05

Target

0cfc1709cff228b0000dd81efac7e258e2726eb3fe573c36994de2264944ec32.dll
Size

397KB
MD5

c153a0df0e24b474362aaa8df85cce7b
SHA1

e29ce7e68081900f19319f8ea23e17a6a53e272e
SHA256

0cfc1709cff228b0000dd81efac7e258e2726eb3fe573c36994de2264944ec32
SHA512

e9bad08684722b88ce259747e9a8744aab181398194bd1ee26badb25275c90a5a33821d701263fa374a58b38a6a24a1ea674a2deafb40daf867ee8b7ea58d586
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaE:174g2LDeiPDImOkx2LIaE

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4700	rundll32.exe
Token: SeTcbPrivilege	4700	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3940 wrote to memory of 4700	3940	rundll32.exe	90
PID 3940 wrote to memory of 4700	3940	rundll32.exe	90
PID 3940 wrote to memory of 4700	3940	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cfc1709cff228b0000dd81efac7e258e2726eb3fe573c36994de2264944ec32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0cfc1709cff228b0000dd81efac7e258e2726eb3fe573c36994de2264944ec32.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4700