7d723d2a04e265cac0a1ed2d8f93f637f5baf9e1b7cf2b5f8ca2232ef60a61f6

Analysis

max time kernel
576s
max time network
1146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 17:25

Target

Custom.dll
Size

3.6MB
MD5

28c87bb3b0a5ca2c9808e83993c3da03
SHA1

babdb64f468b6893b7798a166d484f1926ec599a
SHA256

c53e2fe707e0a58286c0ca7e15988c7e07a5c6609744465d5099131d115d4a3d
SHA512

106dfbded22dae2f0d10655ae555e9e7fbe5f5aa28f38a01879ee898dba3e7f7ccd5658d8670f5b1f922e3cd2a2a90d6d9c557f95da239ceb7b4cfe65508999c
SSDEEP

98304:5tqYopU5sN4sxMFCh2+cGjeQTBTb6rJBy7ZA9p:5tqYopzeS1hF56rJBy7O

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1756	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Custom.dll,#1
1⤵
PID:4992

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2024

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1756

memory/1756-3-0x0000022EEA540000-0x0000022EEA550000-memory.dmp

Filesize
64KB

Download
memory/1756-19-0x0000022EEA640000-0x0000022EEA650000-memory.dmp

Filesize
64KB

Download
memory/1756-35-0x0000022EF29B0000-0x0000022EF29B1000-memory.dmp

Filesize
4KB

Download
memory/1756-37-0x0000022EF29E0000-0x0000022EF29E1000-memory.dmp

Filesize
4KB

Download
memory/1756-38-0x0000022EF29E0000-0x0000022EF29E1000-memory.dmp

Filesize
4KB

Download
memory/1756-39-0x0000022EF2AF0000-0x0000022EF2AF1000-memory.dmp

Filesize
4KB

Download
memory/4992-0-0x00007FFAAE400000-0x00007FFAAE94E000-memory.dmp

Filesize
5.3MB

Download