1530ab9c8cc838781d6d139430e02585f5212788915e9b58dd8a31fb06e772c6

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-03-2024 19:14

Target

1530ab9c8cc838781d6d139430e02585f5212788915e9b58dd8a31fb06e772c6.dll
Size

505KB
MD5

ec4bb8875f6d1453c9573f1119021ccc
SHA1

5a8933a04ca2d9581b7fb4710928a501d0d4a802
SHA256

1530ab9c8cc838781d6d139430e02585f5212788915e9b58dd8a31fb06e772c6
SHA512

73cc34f9fb26f7ec7d045242e423065e5663379347e5525c686f6bcdbb97673811863ed5efc4602437ebb1c4f4ea8f8ffa2eb8371f7509c7f2f1b55b199178a3
SSDEEP

12288:5eptOQvOSB/tpjbdAWFqTcQTJCWHnJXwv+c:wjOSBtdbdRa9CWXwGc

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4648	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 4648	968	rundll32.exe	89
PID 968 wrote to memory of 4648	968	rundll32.exe	89
PID 968 wrote to memory of 4648	968	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1530ab9c8cc838781d6d139430e02585f5212788915e9b58dd8a31fb06e772c6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1530ab9c8cc838781d6d139430e02585f5212788915e9b58dd8a31fb06e772c6.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4648

memory/4648-0-0x0000000000840000-0x00000000008C9000-memory.dmp

Filesize
548KB

Download
memory/4648-1-0x0000000000840000-0x00000000008C9000-memory.dmp

Filesize
548KB

Download