6826ddd6cc547d69a69a09dcb0133ff60016e8c5502cf46677b1e90e601e742c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 03:42

Target

ad98dcda497dac6d3cfa4395818badcd.dll
Size

42KB
MD5

ad98dcda497dac6d3cfa4395818badcd
SHA1

f43c3ba5c479cbc4bea0ec5119a730d73c975609
SHA256

6826ddd6cc547d69a69a09dcb0133ff60016e8c5502cf46677b1e90e601e742c
SHA512

949b00a4da82ba24e161fd494c49f557bca3d9186405ae130c9a42e27323f1d4ed08e9997a9d226944dd975bea39f2d2024ce2a63632b66c2e8c183318c8b225
SSDEEP

768:lEFJtadUnhGyfmBJeG2/7mMGbThYo2W/mDzm5Xjejx:KFbadohmPeG2zmdYoODz4U

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4448	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4684 wrote to memory of 4448	4684	rundll32.exe	68
PID 4684 wrote to memory of 4448	4684	rundll32.exe	68
PID 4684 wrote to memory of 4448	4684	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad98dcda497dac6d3cfa4395818badcd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad98dcda497dac6d3cfa4395818badcd.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4448