042a7314c2db5a5612f1d0560bfdd342346ec35bdddbe270959e5bab7a43c14a

Analysis

max time kernel
112s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 16:10

Target

042a7314c2db5a5612f1d0560bfdd342346ec35bdddbe270959e5bab7a43c14a.dll
Size

397KB
MD5

fa1b0d9e04577880c23f64e96ce75384
SHA1

1e9b7288ceaff33432ce0892294e91f5836344eb
SHA256

042a7314c2db5a5612f1d0560bfdd342346ec35bdddbe270959e5bab7a43c14a
SHA512

9f901eefbd9fbd5f41048781a73238207251cc424e0f7a82cafa99229ab1b28c3ffa423cb8ba991c58f11f23356ac301001c59cdde64b6adfb07a4b814f4abc2
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaX:174g2LDeiPDImOkx2LIaX

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2108	2120	WerFault.exe	54

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2120	rundll32.exe
Token: SeTcbPrivilege	2120	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 2120	1852	rundll32.exe	54
PID 1852 wrote to memory of 2120	1852	rundll32.exe	54
PID 1852 wrote to memory of 2120	1852	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\042a7314c2db5a5612f1d0560bfdd342346ec35bdddbe270959e5bab7a43c14a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\042a7314c2db5a5612f1d0560bfdd342346ec35bdddbe270959e5bab7a43c14a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2120
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 716
    3⤵
    - Program crash
    PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2120 -ip 2120
1⤵
PID:1460