04edb707b27632711b78f98fe66b3f9a78de04624e4f65e551035c0a193dbc3d

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2024 07:42

Target

64d94bce7281dfe6fb97939c6651fce3.dll
Size

300KB
MD5

64d94bce7281dfe6fb97939c6651fce3
SHA1

515db6800d549a709d38968504f8850d164993fd
SHA256

04edb707b27632711b78f98fe66b3f9a78de04624e4f65e551035c0a193dbc3d
SHA512

88df482565d31f94bae29565f969db6f0f21ee8352c573bef26b227352785b0de17a9e78ada30b303ee85db37c9fb7e3a5267a1c46264c411f07d1705d80caa9
SSDEEP

6144:uA2iBzok8ag9cMDXexovX+Wo22HbbfTcnmWG0EM8ZCzERln:uAHGk8T9cMDXexoPdovHbbfomWG0usw9

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\gmjgty.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\gmjgty.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	376	rundll32.exe
Token: SeDebugPrivilege	376	rundll32.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 376	1404	rundll32.exe	84
PID 1404 wrote to memory of 376	1404	rundll32.exe	84
PID 1404 wrote to memory of 376	1404	rundll32.exe	84
PID 376 wrote to memory of 3384	376	rundll32.exe	43
PID 376 wrote to memory of 3384	376	rundll32.exe	43