607e433f488934fa629479ccdb5fb396c0a72675b11e2a14477db86801e6ad57

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 16:24

Target

607e433f488934fa629479ccdb5fb396c0a72675b11e2a14477db86801e6ad57.dll
Size

397KB
MD5

9adb283a92d8aec081a830a4f8feba42
SHA1

1a907597765b8ebe19450685c53f5ecf2a65bad3
SHA256

607e433f488934fa629479ccdb5fb396c0a72675b11e2a14477db86801e6ad57
SHA512

98d546675f0630003e241fe45225c7359205c26d88dc89d498a25db25ce62a10e97a6beb3e5c6745e21b1d71ee587072dd616acb12308175176df9ad92b7541f
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOac:174g2LDeiPDImOkx2LIac

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
116	2244	WerFault.exe	85

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2244	rundll32.exe
Token: SeTcbPrivilege	2244	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 2244	4444	rundll32.exe	85
PID 4444 wrote to memory of 2244	4444	rundll32.exe	85
PID 4444 wrote to memory of 2244	4444	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\607e433f488934fa629479ccdb5fb396c0a72675b11e2a14477db86801e6ad57.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\607e433f488934fa629479ccdb5fb396c0a72675b11e2a14477db86801e6ad57.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2244
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 568
    3⤵
    - Program crash
    PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2244 -ip 2244
1⤵
PID:4080