1668adf73ab7e4adb0e8275d1517eb6f1c5486c334cc4a181c4e0c45655efd32

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 00:53

Target

aa96522ddac075816205087a9f9aac24.dll
Size

384KB
MD5

aa96522ddac075816205087a9f9aac24
SHA1

588b8deb0086f759d42f5da75b51dc54e935b768
SHA256

1668adf73ab7e4adb0e8275d1517eb6f1c5486c334cc4a181c4e0c45655efd32
SHA512

536c6ffd9e32990e86382646f2f30a36d24d54eb4017b09bad22597b6f5faef4253a323a064a7f798e51d99f94703827e1ce1a2c6ea47f839530fd70eaf57be0
SSDEEP

6144:u2eXDRsnXKi1wjhKIlDIWZoWhic8iY2BLvuHAkc1xV6tXsoovk9u2rc:t+Qzdcuc8p2Nvuw1T6BQ2

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
5	528	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	528	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 528	1356	rundll32.exe	65
PID 1356 wrote to memory of 528	1356	rundll32.exe	65
PID 1356 wrote to memory of 528	1356	rundll32.exe	65

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa96522ddac075816205087a9f9aac24.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa96522ddac075816205087a9f9aac24.dll,#1
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:528