6a4aea06faab2fb3298ddec4f9828f5b268117475180a6715b4d966a32386495

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 16:15

Target

6a4aea06faab2fb3298ddec4f9828f5b268117475180a6715b4d966a32386495.dll
Size

397KB
MD5

86be7badc4ce42552d3201485427c8e1
SHA1

ba50d477a587149da112ca59f2dc238650f5b5c8
SHA256

6a4aea06faab2fb3298ddec4f9828f5b268117475180a6715b4d966a32386495
SHA512

27b55a3ab648117e44832bf46b79909738972f52765f199231351eb119b4a742e736fa63c1b3e2437247a5efa7b6c31d6240f0c22b197a8d59df82d2d6badb84
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaQ:174g2LDeiPDImOkx2LIaQ

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	448	rundll32.exe
Token: SeTcbPrivilege	448	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4292 wrote to memory of 448	4292	rundll32.exe	16
PID 4292 wrote to memory of 448	4292	rundll32.exe	16
PID 4292 wrote to memory of 448	4292	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a4aea06faab2fb3298ddec4f9828f5b268117475180a6715b4d966a32386495.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a4aea06faab2fb3298ddec4f9828f5b268117475180a6715b4d966a32386495.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:448