c602bbefcd65bcd3c6f295ee3a202cb06e4191c870b394c81e631042afcf3a96

Analysis

max time kernel
154s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 11:41

Target

c602bbefcd65bcd3c6f295ee3a202cb06e4191c870b394c81e631042afcf3a96.dll
Size

397KB
MD5

7c5ed7b1f566ce325493551eb7a6736c
SHA1

a7c05a37d4d6f65a42549ae5cda0bcb6e0af4db9
SHA256

c602bbefcd65bcd3c6f295ee3a202cb06e4191c870b394c81e631042afcf3a96
SHA512

a6114837a5c90db2a36fe4dfcad25705f5e29d223eb01525af700050593b99bc4f60d764af9db75126b8c8c530a57ec39bd04b97f79f90cc8e06a1a9fec5c002
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa6:174g2LDeiPDImOkx2LIa6

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4184	rundll32.exe
Token: SeTcbPrivilege	4184	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 4184	4464	rundll32.exe	90
PID 4464 wrote to memory of 4184	4464	rundll32.exe	90
PID 4464 wrote to memory of 4184	4464	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c602bbefcd65bcd3c6f295ee3a202cb06e4191c870b394c81e631042afcf3a96.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c602bbefcd65bcd3c6f295ee3a202cb06e4191c870b394c81e631042afcf3a96.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4184