01558955a93caa4a52ac0c99fc85b0eac45048ddea404bcaf05c81c99cc37987

Analysis

max time kernel
94s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 18:42

Target

01558955a93caa4a52ac0c99fc85b0eac45048ddea404bcaf05c81c99cc37987.dll
Size

397KB
MD5

55572bf96cba47e27ede36d5efddea0b
SHA1

7ab5b09d6c0b963f4688e734fb80b1888af64bea
SHA256

01558955a93caa4a52ac0c99fc85b0eac45048ddea404bcaf05c81c99cc37987
SHA512

3d4fb4ae06bd94f107a2603876718c17c1e86e1e6609965089d4511c28ac835182933c8265220e1dd12737ef5691817f3c837e620e35627329e8768d2281c9d5
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa1:174g2LDeiPDImOkx2LIa1

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4024	rundll32.exe
Token: SeTcbPrivilege	4024	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4024	3208	rundll32.exe	86
PID 3208 wrote to memory of 4024	3208	rundll32.exe	86
PID 3208 wrote to memory of 4024	3208	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01558955a93caa4a52ac0c99fc85b0eac45048ddea404bcaf05c81c99cc37987.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01558955a93caa4a52ac0c99fc85b0eac45048ddea404bcaf05c81c99cc37987.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4024