82eeb51146318f78bbeb3bc9c532f39c166ef1dac07bf3ceea4f5ac1fd9f6690

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:42

Target

82eeb51146318f78bbeb3bc9c532f39c166ef1dac07bf3ceea4f5ac1fd9f6690.dll
Size

397KB
MD5

41a15330e1fbe2dedc6f77a6c90096ea
SHA1

0cca44a8b86fc23225a2019639a960d1e8931547
SHA256

82eeb51146318f78bbeb3bc9c532f39c166ef1dac07bf3ceea4f5ac1fd9f6690
SHA512

5e0b6e719bcb6e5a2cc63a9971c2c0ba7fcce72251edad81cd1dad0a5444c490d2754f28f215d51154f912d22be522b35078651afb590f6a8395ce6ec59f04b4
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOat:174g2LDeiPDImOkx2LIat

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1620	rundll32.exe
Token: SeTcbPrivilege	1620	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 1620	4816	rundll32.exe	82
PID 4816 wrote to memory of 1620	4816	rundll32.exe	82
PID 4816 wrote to memory of 1620	4816	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\82eeb51146318f78bbeb3bc9c532f39c166ef1dac07bf3ceea4f5ac1fd9f6690.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\82eeb51146318f78bbeb3bc9c532f39c166ef1dac07bf3ceea4f5ac1fd9f6690.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1620