e1532cab4434fd64d770f04aee76306f0da1ccb46d0ef5869c576f6ace620383

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 13:06

Target

899657fb3e4ee785920aedeaba756c93.dll
Size

125KB
MD5

899657fb3e4ee785920aedeaba756c93
SHA1

e0ac714501e84d386f2e89d95b1449996d6b6061
SHA256

e1532cab4434fd64d770f04aee76306f0da1ccb46d0ef5869c576f6ace620383
SHA512

e8f4c484dc667dd6ffdbb81d5d03fbbedb7ad37aed99386242f1c57ee40becc20e3d78a5e3a6a0f20630f83239bb942a642eb17d4e0cbd187008310c1a62f70d
SSDEEP

1536:pwwqvzsY7DoTMlV6ye6oXCFhCxYzaKFst+g/9+3AFkzsnj0IN2sH4kqAkKmxDO90:qzFIT46jBKosaKFst+o+gjykCO9zqbX

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4516	rundll32.exe
Token: SeSecurityPrivilege	4516	rundll32.exe
Token: SeTakeOwnershipPrivilege	4516	rundll32.exe
Token: SeLoadDriverPrivilege	4516	rundll32.exe
Token: SeSystemProfilePrivilege	4516	rundll32.exe
Token: SeSystemtimePrivilege	4516	rundll32.exe
Token: SeProfSingleProcessPrivilege	4516	rundll32.exe
Token: SeIncBasePriorityPrivilege	4516	rundll32.exe
Token: SeCreatePagefilePrivilege	4516	rundll32.exe
Token: SeShutdownPrivilege	4516	rundll32.exe
Token: SeDebugPrivilege	4516	rundll32.exe
Token: SeSystemEnvironmentPrivilege	4516	rundll32.exe
Token: SeRemoteShutdownPrivilege	4516	rundll32.exe
Token: SeUndockPrivilege	4516	rundll32.exe
Token: SeManageVolumePrivilege	4516	rundll32.exe
Token: 33	4516	rundll32.exe
Token: 34	4516	rundll32.exe
Token: 35	4516	rundll32.exe
Token: 36	4516	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 4516	1744	rundll32.exe	84
PID 1744 wrote to memory of 4516	1744	rundll32.exe	84
PID 1744 wrote to memory of 4516	1744	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\899657fb3e4ee785920aedeaba756c93.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\899657fb3e4ee785920aedeaba756c93.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4516

memory/4516-0-0x00000000763B0000-0x00000000764A0000-memory.dmp

Filesize
960KB

Download
memory/4516-1-0x00000000763B0000-0x00000000764A0000-memory.dmp

Filesize
960KB

Download