Analysis
- max time kernel: 143s
- max time network: 111s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/01/2024, 07:19
Static task
- static1: 1 signatures
Behavioral task
- behavioral1: sample 4db1a8c323e2dad89f1cb9e9ed4a1446.dll, resource win7-20231215-en, 3 signatures, 150 seconds
Behavioral task
- behavioral2: sample 4db1a8c323e2dad89f1cb9e9ed4a1446.dll, resource win10v2004-20231222-en, 3 signatures, 150 seconds
General
- Target: 4db1a8c323e2dad89f1cb9e9ed4a1446.dll
- Size: 199KB
- MD5: 4db1a8c323e2dad89f1cb9e9ed4a1446
- SHA1: dd632cf1024f6223d7c8eb85ec846436d68f37cd
- SHA256: 4c53f8f15109b1ee27581a9e4d457e43c3c863b8fc1adae8411bbfc3440a95d1
- SHA512: da61a5a58e8929ef77b30565ad12471589e42e11a13b4527c6a2931e2ac8a818545072a0c996fa9634dd0675143ad48df7451719e48fa7977b80d2c1e588d464
- SSDEEP: 6144:/+874kPa4aaQ+kzo8TFZAkHTbyqqDGsa+:m87HPa4aaQ+kzo8TFZAkz7qSs
- Score: 1/10
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (34 IoCs)
  pid 4112 rundll32.exe: 34 identical process-enumeration events
- Suspicious use of AdjustPrivilegeToken (19 IoCs)
  All 19 token adjustments are by pid 4112 rundll32.exe. Privileges enabled:
  SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, and four privilege LUIDs (33, 34, 35, 36) that the sandbox did not resolve to names.
  This set matches the privileges an elevated administrator token normally holds in the disabled state, so the pattern is consistent with code that walks its own token and enables every privilege present rather than requesting one specific privilege.
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4240 (rundll32.exe) wrote to the memory of PID 4112 three times (procid_target 14).
  Three writes from a parent into a freshly created child are the pattern CreateProcess itself produces when the parent sets up the child's process parameters; on their own they do not indicate injection into an unrelated process.
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4db1a8c323e2dad89f1cb9e9ed4a1446.dll,#1
  PID:4240
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4db1a8c323e2dad89f1cb9e9ed4a1446.dll,#1
    PID:4112
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
The DLL is invoked by export ordinal (,#1) rather than by a named export. The 64-bit rundll32.exe in system32 (PID 4240) hands off to the 32-bit copy in SysWOW64 (PID 4112), which is what rundll32 does when given a 32-bit DLL; the WriteProcessMemory events from 4240 into 4112 are the record of that hand-off, and all of the DLL's own activity (process enumeration, privilege adjustment) is attributed to the 32-bit child.
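The signature tables above are flattened into single cells, which makes counting events, resolving the numeric privilege LUIDs and reading the parent/child relationship tedious by eye. The following is an added example (not part of the sandbox report or its tooling) that parses those rows into structured IoCs, collapses repeated events into counts, and rebuilds the process tree from the WriteProcessMemory edges. The sample rows are copied from the report text; the LUID-to-name table for entries 33 to 36 is the standard Windows privilege numbering and is an assumption to verify with LookupPrivilegeNameW on the target OS.

```python
"""Parse flattened sandbox signature rows into structured IoCs.

Added example, not part of the sandbox report.  The rows below are copied
from the report; LUID_NAMES is assumed (standard Windows numbering) and should
be verified with LookupPrivilegeNameW on the analysed OS build.
"""
import re
from collections import Counter

# Rows copied from the report (one flattened table cell each).
ENUM_ROW = "pid Process " + "4112 rundll32.exe " * 34
PRIV_ROW = (
    "description pid Process "
    "Token: SeIncreaseQuotaPrivilege 4112 rundll32.exe Token: SeSecurityPrivilege 4112 rundll32.exe "
    "Token: SeTakeOwnershipPrivilege 4112 rundll32.exe Token: SeLoadDriverPrivilege 4112 rundll32.exe "
    "Token: SeSystemProfilePrivilege 4112 rundll32.exe Token: SeSystemtimePrivilege 4112 rundll32.exe "
    "Token: SeProfSingleProcessPrivilege 4112 rundll32.exe Token: SeIncBasePriorityPrivilege 4112 rundll32.exe "
    "Token: SeCreatePagefilePrivilege 4112 rundll32.exe Token: SeShutdownPrivilege 4112 rundll32.exe "
    "Token: SeDebugPrivilege 4112 rundll32.exe Token: SeSystemEnvironmentPrivilege 4112 rundll32.exe "
    "Token: SeRemoteShutdownPrivilege 4112 rundll32.exe Token: SeUndockPrivilege 4112 rundll32.exe "
    "Token: SeManageVolumePrivilege 4112 rundll32.exe Token: 33 4112 rundll32.exe "
    "Token: 34 4112 rundll32.exe Token: 35 4112 rundll32.exe Token: 36 4112 rundll32.exe"
)
WPM_ROW = (
    "description pid Process procid_target "
    "PID 4240 wrote to memory of 4112 4240 rundll32.exe 14 "
    "PID 4240 wrote to memory of 4112 4240 rundll32.exe 14 "
    "PID 4240 wrote to memory of 4112 4240 rundll32.exe 14"
)
DLL = r"C:\Users\Admin\AppData\Local\Temp\4db1a8c323e2dad89f1cb9e9ed4a1446.dll"
PROCESSES = [
    {"pid": 4112, "image": r"C:\Windows\SysWOW64\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
    {"pid": 4240, "image": r"C:\Windows\system32\rundll32.exe", "cmdline": f"rundll32.exe {DLL},#1"},
]

# Assumed standard LUID numbering for the entries the sandbox left unresolved.
LUID_NAMES = {
    33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege",
    35: "SeCreateSymbolicLinkPrivilege",
    36: "SeDelegateSessionUserImpersonatePrivilege",
}

PID_PROC_RE = re.compile(r"(\d+)\s+(\S+\.exe)")
TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+\.exe)")
WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \1 (\S+\.exe) (\d+)")


def count_events(row):
    """Collapse a 'pid Process pid Process ...' row into {(pid, image): count}."""
    return Counter((int(pid), proc) for pid, proc in PID_PROC_RE.findall(row))


def parse_privileges(row):
    """Return {(pid, image): [privilege names]}, resolving numeric LUIDs when known."""
    out = {}
    for priv, pid, proc in TOKEN_RE.findall(row):
        name = LUID_NAMES.get(int(priv), f"LUID {priv}") if priv.isdigit() else priv
        out.setdefault((int(pid), proc), []).append(name)
    return out


def parse_wpm_edges(row):
    """Return {(writer_pid, target_pid): write count} from a WriteProcessMemory row."""
    return Counter((int(src), int(dst)) for src, dst, _img, _tgt in WPM_RE.findall(row))


def build_tree(processes, edges):
    """Treat the first pid that wrote into a process as its parent (the pattern
    CreateProcess leaves behind) and render the tree with children indented."""
    parent = {}
    for src, dst in sorted(edges):
        parent.setdefault(dst, src)
    children = {}
    for dst, src in parent.items():
        children.setdefault(src, []).append(dst)
    by_pid = {p["pid"]: p for p in processes}

    def walk(pid, depth):
        p = by_pid[pid]
        lines = [f"{'  ' * depth}{p['image']} (PID {pid}): {p['cmdline']}"]
        for child in sorted(children.get(pid, [])):
            lines.extend(walk(child, depth + 1))
        return lines

    roots = [p["pid"] for p in processes if p["pid"] not in parent]
    return parent, [line for r in sorted(roots) for line in walk(r, 0)]


if __name__ == "__main__":
    for (pid, img), n in count_events(ENUM_ROW).items():
        print(f"EnumeratesProcesses: {img} pid {pid}, {n} events")
    for (pid, img), privs in parse_privileges(PRIV_ROW).items():
        print(f"AdjustPrivilegeToken: {img} pid {pid} enabled {len(privs)} privileges:")
        print("  " + ", ".join(privs))
    for (src, dst), n in parse_wpm_edges(WPM_ROW).items():
        print(f"WriteProcessMemory: pid {src} -> pid {dst}, {n} writes")
    _, tree = build_tree(PROCESSES, parse_wpm_edges(WPM_ROW))
    print("\n".join(tree))
```

The tree builder only uses the "first writer becomes parent" heuristic because that is the only parent/child evidence this export preserves; on a report that also carries a real parent PID column, prefer that and keep the WriteProcessMemory edges as a cross-check.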