45dba12933f5b2287fc0ea8a53bdbbfbb62b80e78507f42d98968b9adf52b227

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 01:11

Target

45dba12933f5b2287fc0ea8a53bdbbfbb62b80e78507f42d98968b9adf52b227.dll
Size

397KB
MD5

fd37d5ea147c37bfe6a72572d9e12cd7
SHA1

f8e5b93d79abf4ff197a2542935ed0a50789fcab
SHA256

45dba12933f5b2287fc0ea8a53bdbbfbb62b80e78507f42d98968b9adf52b227
SHA512

43ca36ff3bf9e5d5fb7ddbb9422f416b6eaa98d78dff1a189b7d563a475efc46cdf8509cf9b84f481a989e592dd17e4fb4595cf486c7cd911470539a484c7ba0
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOa/:174g2LDeiPDImOkx2LIa/

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5112	rundll32.exe
Token: SeTcbPrivilege	5112	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 5112	4824	rundll32.exe	83
PID 4824 wrote to memory of 5112	4824	rundll32.exe	83
PID 4824 wrote to memory of 5112	4824	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45dba12933f5b2287fc0ea8a53bdbbfbb62b80e78507f42d98968b9adf52b227.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45dba12933f5b2287fc0ea8a53bdbbfbb62b80e78507f42d98968b9adf52b227.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5112