93c100605ed7d4a4dbfc3ea653170f52594ff36ed6e40ba4dd1d575f714581ea

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 18:39

Target

7afab6a363aae5e71d9f1eb87f55bd64.dll
Size

121KB
MD5

7afab6a363aae5e71d9f1eb87f55bd64
SHA1

cc7f17d4b6cdf984b39fd8dcfd7ddd1630d823df
SHA256

93c100605ed7d4a4dbfc3ea653170f52594ff36ed6e40ba4dd1d575f714581ea
SHA512

266ea84faa3896da39c575fbd8d8dd4cd743c3015214d0e6dbb0b6725848846fc57409469f2ae5fb440a83cdee510bf2ccfda1d5904abc0c3cc07a5dad7eb729
SSDEEP

3072:1iMjf9DriUGMEPFZW2nriNBM9zXbed7C55o+yCDnL1i8/iJEE:D5iUGMEtj2BsOd7I5oNCn1idJE

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4552	rundll32.exe
4552	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4552	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 4552	1588	rundll32.exe	86
PID 1588 wrote to memory of 4552	1588	rundll32.exe	86
PID 1588 wrote to memory of 4552	1588	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7afab6a363aae5e71d9f1eb87f55bd64.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7afab6a363aae5e71d9f1eb87f55bd64.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4552

memory/4552-1-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/4552-0-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/4552-2-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/4552-3-0x0000000000B70000-0x0000000000BA7000-memory.dmp

Filesize
220KB

Download
memory/4552-4-0x0000000000B74000-0x0000000000B75000-memory.dmp

Filesize
4KB

Download
memory/4552-5-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download
memory/4552-6-0x0000000000B70000-0x0000000000BA7000-memory.dmp

Filesize
220KB

Download