d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:36

Target

d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll
Size

397KB
MD5

23c0b8d376cbdbaed347d96f69b34757
SHA1

5d4ad15e6879f6637cfe289c40390c5fb329413b
SHA256

d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362
SHA512

1dbfde8afc2ddca8d5d2e51e7152b1ce9420eec8a6e11566fd0f2915dde944af1536ef2f979fc925601b74e8702a130b12e9c885360d68bad8fe6bcdf60c1d68
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaV:174g2LDeiPDImOkx2LIaV

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4620	rundll32.exe
Token: SeTcbPrivilege	4620	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 4620	3100	rundll32.exe	84
PID 3100 wrote to memory of 4620	3100	rundll32.exe	84
PID 3100 wrote to memory of 4620	3100	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7ce222cf7405a946d1ba045143374b01b6bc24cf048db0e6a17399e5f3aa362.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4620