03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 11:41

Target

03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll
Size

397KB
MD5

d7af76201066a059719e1103fbbe4805
SHA1

aac00a2e37a4460b4ff392a702238712b550e279
SHA256

03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9
SHA512

5e3d17ebd344a7f3261fe9441a97fb7f78ae15d45425539dc50f42de42c456581a7c64d29c6db449e6cfce78fec250f0fbe47b7a69aa5caea1cedbdd3f344b42
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaQ:174g2LDeiPDImOkx2LIaQ

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1580	rundll32.exe
Token: SeTcbPrivilege	1580	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3936 wrote to memory of 1580	3936	rundll32.exe	91
PID 3936 wrote to memory of 1580	3936	rundll32.exe	91
PID 3936 wrote to memory of 1580	3936	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03a48a159e448ddbebabc6908b0ebc57e5f3ceca42552f5894c11f24c459c0b9.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1580