68c75acfd69a75f64aefca7d800d24d85484fbb298d4eca786a77a1def84262f

Analysis

max time kernel
133s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 12:51

Target

68c75acfd69a75f64aefca7d800d24d85484fbb298d4eca786a77a1def84262f.dll
Size

397KB
MD5

1d1525c4e31ca70b8eea4692b1b8c10a
SHA1

50ce124e733209abf7b064780ad8525e3234a3dd
SHA256

68c75acfd69a75f64aefca7d800d24d85484fbb298d4eca786a77a1def84262f
SHA512

855fa11cf5962752a8c1a3106fcca8fb125da74cd6142f8dd1f1916f81a4980634800bae31ec0ed36087762e8d2a35cb2a24a8510b5a1b24cb413c136bd637d0
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOao:174g2LDeiPDImOkx2LIao

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4384	rundll32.exe
Token: SeTcbPrivilege	4384	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 4384	4740	rundll32.exe	87
PID 4740 wrote to memory of 4384	4740	rundll32.exe	87
PID 4740 wrote to memory of 4384	4740	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c75acfd69a75f64aefca7d800d24d85484fbb298d4eca786a77a1def84262f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68c75acfd69a75f64aefca7d800d24d85484fbb298d4eca786a77a1def84262f.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4384