e0399bfe9bb1140d635f8afebfcd84c1817215b6e0152b2b69bd43ff66a21edf

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 06:42

Target

bdee4a2c284030cb14335c9749c2fe16.dll
Size

51KB
MD5

bdee4a2c284030cb14335c9749c2fe16
SHA1

7d46d42a8b0f49b8811cb60b255f90178eeb640c
SHA256

e0399bfe9bb1140d635f8afebfcd84c1817215b6e0152b2b69bd43ff66a21edf
SHA512

2dbfaf7bb7cfb6d56ac7435dc4de4f24ca7a86a4dad1de9687b85d5c318555f794c64a33f3739212a5fc1a7cdd534db621b1a8936aafa71d539574c226074706
SSDEEP

768:5XPzk88VR5eiDwRYkulb2Ba9g3ZuVZp15ntv9grCezYRKiN2lQJfOnv3Qm:Z7kbfxw+l0J61RtuNi7Jf43x

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2788	rundll32.exe
Token: SeTakeOwnershipPrivilege	2788	rundll32.exe
Token: SeImpersonatePrivilege	2788	rundll32.exe
Token: SeAssignPrimaryTokenPrivilege	2788	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 2788	4788	rundll32.exe	87
PID 4788 wrote to memory of 2788	4788	rundll32.exe	87
PID 4788 wrote to memory of 2788	4788	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdee4a2c284030cb14335c9749c2fe16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bdee4a2c284030cb14335c9749c2fe16.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2788

memory/2788-0-0x00000000001F0000-0x00000000001F3000-memory.dmp

Filesize
12KB

Download
memory/2788-1-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download