de71feb03382e72929933924b96826813cbe0f06e3729f2e6a96a009396679b7

Analysis

max time kernel
198s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 10:38

Target

de71feb03382e72929933924b96826813cbe0f06e3729f2e6a96a009396679b7.dll
Size

397KB
MD5

26397a7d464c9090bec9c4a7f621617c
SHA1

ba95cdb1bc8a99ee7c7b5899795328b13676d39a
SHA256

de71feb03382e72929933924b96826813cbe0f06e3729f2e6a96a009396679b7
SHA512

6130d7bd7e8ff6a93e7c96547bf8c5f55e78f43e53d05864498a4bf3e4b4650db29dc31daace3287b737dc1847fa8647c6334ef64be1b2e827c3ceb9cfa98c03
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa3:174g2LDeiPDImOkx2LIa3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3852	rundll32.exe
Token: SeTcbPrivilege	3852	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 3852	3220	rundll32.exe	87
PID 3220 wrote to memory of 3852	3220	rundll32.exe	87
PID 3220 wrote to memory of 3852	3220	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de71feb03382e72929933924b96826813cbe0f06e3729f2e6a96a009396679b7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de71feb03382e72929933924b96826813cbe0f06e3729f2e6a96a009396679b7.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3852