87d371e6c595449c352ae0cf68679ff696d3ee82e96639a8c698bc27832dc17f

Analysis

max time kernel
139s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 07:40

Target

87d371e6c595449c352ae0cf68679ff696d3ee82e96639a8c698bc27832dc17f.dll
Size

397KB
MD5

f8d807296436c5e4177a40bdc88b5eaf
SHA1

55afcebc1d487144322ccac27a5961e0020b0bc2
SHA256

87d371e6c595449c352ae0cf68679ff696d3ee82e96639a8c698bc27832dc17f
SHA512

862e93c9c76b1a863ff616934b0de9139b11cd396b3923ca0ff5ce428b2f66ad072abee3a1977ac971c38411e4846d0eb9afce3f1cb307c069b91ed345f1da61
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOat:174g2LDeiPDImOkx2LIat

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	64	rundll32.exe
Token: SeTcbPrivilege	64	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 64	4760	rundll32.exe	86
PID 4760 wrote to memory of 64	4760	rundll32.exe	86
PID 4760 wrote to memory of 64	4760	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\87d371e6c595449c352ae0cf68679ff696d3ee82e96639a8c698bc27832dc17f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\87d371e6c595449c352ae0cf68679ff696d3ee82e96639a8c698bc27832dc17f.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:64