4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 16:05

Target

4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4.dll
Size

397KB
MD5

c5377a79dc7f14d35547182973702659
SHA1

28bab7f57d22492a05a8ce434134bf597b0c2ab8
SHA256

4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4
SHA512

5089f9983ae2ef8a59f783cd92c68a72067e94d5de57cd573f7958d66985b89bde56b2a8f1d44d37e733602e68fc986a1dd4f016065c0242d094a54edf9843c9
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaT:174g2LDeiPDImOkx2LIaT

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3752	rundll32.exe
Token: SeTcbPrivilege	3752	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3752	4808	rundll32.exe	89
PID 4808 wrote to memory of 3752	4808	rundll32.exe	89
PID 4808 wrote to memory of 3752	4808	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e573dc2ef59c18064687c1dd81fc8668f8f606b7e3ae4a52e9a8ab5902af0d4.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3752