8fd777fa831816296db9959fa375b956719a22f166bc9594e33073c47ebe940a

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240220-en
resource tags

arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 14:54

Target

8fd777fa831816296db9959fa375b956719a22f166bc9594e33073c47ebe940a.dll
Size

397KB
MD5

fb0e7f39c43ff95714ff8654aeac9e8c
SHA1

f85d77c7c9ec7170bbf55a348b770a43949ce905
SHA256

8fd777fa831816296db9959fa375b956719a22f166bc9594e33073c47ebe940a
SHA512

c31833908aab8de466c3f4629e86fd803b34414834c414ebada6bb6e41f86708b667bfdaa1a09a09ddd1bd2d75847029232c311edda2bc6cc7b4df6bae83239b
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOaC:174g2LDeiPDImOkx2LIaC

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	540	rundll32.exe
Token: SeTcbPrivilege	540	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 540	3744	rundll32.exe	55
PID 3744 wrote to memory of 540	3744	rundll32.exe	55
PID 3744 wrote to memory of 540	3744	rundll32.exe	55

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd777fa831816296db9959fa375b956719a22f166bc9594e33073c47ebe940a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd777fa831816296db9959fa375b956719a22f166bc9594e33073c47ebe940a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:540