39f4f6a61b2ed4956ba96d61acae784fbf67f1a48b83f1218a1959168323d078

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/01/2024, 04:34

Target

76654e6cb55d459aef4bade9e86c9820.dll
Size

23KB
MD5

76654e6cb55d459aef4bade9e86c9820
SHA1

fe6bfadab101d02890b3f6960526f82ce49b2ee1
SHA256

39f4f6a61b2ed4956ba96d61acae784fbf67f1a48b83f1218a1959168323d078
SHA512

a3c4a97268132ab1c198020ccccf8fa7a303f937f78369888cb347676e65497e3cbe4710601c5f633cb481cb188d952240d80003b6e1901c5039445ec7e389a3
SSDEEP

384:DaGcv+dJrxlI2z8j0INbuLsPMwPq/hc9ZYAbw1cZZqpruc:O1+dhxlI08j0INbuLsPUnAbWcZg5V

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\sperls.dll	rundll32.exe
File opened for modification	C:\Windows\SysWOW64\sperls.dll	rundll32.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3008	rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 3008	3024	rundll32.exe	86
PID 3024 wrote to memory of 3008	3024	rundll32.exe	86
PID 3024 wrote to memory of 3008	3024	rundll32.exe	86
PID 3008 wrote to memory of 3344	3008	rundll32.exe	51