aa7b2944ef2620685e8b62170d2a484220d3af11d95700bee743dd90954645df

Analysis

max time kernel
92s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 22:10

Target

aa7b2944ef2620685e8b62170d2a484220d3af11d95700bee743dd90954645df.dll
Size

17KB
MD5

2862be684b61a14c7ac63fab092fc1d1
SHA1

08e21f1c2aa2cad02738c873b78a70c6a9709ae6
SHA256

aa7b2944ef2620685e8b62170d2a484220d3af11d95700bee743dd90954645df
SHA512

a7cbf8f264a2a5ce3aa96d552bf4b01917c70ea078d99906151c0d37fb37f1bb8c15f0ded1f7a82ed038cca15314edcb56358ffb243877971c700f0f9a52345a
SSDEEP

384:Mk93wqDfWTokai8BMEFVkXw66jmkDW9fWA:MW3wqiSAEFVd6ay

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4960	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 4960	2700	rundll32.exe	84
PID 2700 wrote to memory of 4960	2700	rundll32.exe	84
PID 2700 wrote to memory of 4960	2700	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa7b2944ef2620685e8b62170d2a484220d3af11d95700bee743dd90954645df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa7b2944ef2620685e8b62170d2a484220d3af11d95700bee743dd90954645df.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4960

memory/4960-0-0x0000000010000000-0x0000000010007000-memory.dmp

Filesize
28KB

Download