7dd2acc7beb86153bc2a7647385d5f3c6834d741f892f59856608ddbf7d54bd9 | Triage

Analysis

max time kernel
141s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 03:39

Sharing

Report Analysis Logs

General

Target

ba6b28298ce49911b8f3ebfbb24baf7c.dll
Size

31KB
MD5

ba6b28298ce49911b8f3ebfbb24baf7c
SHA1

ca5c4848674090bf9ea6d71a31725f0f8317e7d2
SHA256

7dd2acc7beb86153bc2a7647385d5f3c6834d741f892f59856608ddbf7d54bd9
SHA512

464002ac88273c2b686172ef2157391ed655daac6f176c6357f85604a588c85c25ac70a1aff310885357c155349101311d5e28d4bc1e883965e6d814ae693916
SSDEEP

768:UI1t8xsRzn7DSmUbakIJ0K3dqm6+IN8T5:UAEOmT+fJdNC8T

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2752	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1336 wrote to memory of 2752	1336	rundll32.exe	89
PID 1336 wrote to memory of 2752	1336	rundll32.exe	89
PID 1336 wrote to memory of 2752	1336	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba6b28298ce49911b8f3ebfbb24baf7c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba6b28298ce49911b8f3ebfbb24baf7c.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2752-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2752-1-0x0000000000AE0000-0x0000000000AE2000-memory.dmp

Filesize
8KB

Download
memory/2752-2-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download