33f5b8d3bbf6f5b70a1d85452298765ddf028ac723b7ea2eaaa37467f09b4c4f

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 13:43

Target

c3839c9e4fcf9b36fb2ef2aa32f474f9.dll
Size

33KB
MD5

c3839c9e4fcf9b36fb2ef2aa32f474f9
SHA1

8c673fab53bb2694ea06e49f0f407c14e9a83531
SHA256

33f5b8d3bbf6f5b70a1d85452298765ddf028ac723b7ea2eaaa37467f09b4c4f
SHA512

1fc0f413507143e25f323dea9c2543d44652bf6dc9574085be4f6b0c6bbca391717422bdee85e3a4b1bf8dd97fe4e607e994bdd8749adde4b14728ed3afc901f
SSDEEP

768:t+aoi6qZOpQB5ZpOc06HCMN9GT6RJ5BHUEy2YEZZEo:t+av6qZ4QxpP0AtNfRJ5BHxY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2444	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 2444	3776	rundll32.exe	89
PID 3776 wrote to memory of 2444	3776	rundll32.exe	89
PID 3776 wrote to memory of 2444	3776	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3839c9e4fcf9b36fb2ef2aa32f474f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3839c9e4fcf9b36fb2ef2aa32f474f9.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2444