bfa990bda3eebc658bcd0014dbfc9d57277e585548031f7ce4ecfcc8223f7b6b | Triage

Analysis

max time kernel
105s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2025, 15:33

Sharing

Report Analysis Logs

General

Target

tmpD01A.dll
Size

3.5MB
MD5

1a201cec87e2370a08dc00acc065501a
SHA1

02ff14bbb59d380cc8e7ffea711d978248bfcb83
SHA256

709f39277a3393fbdb4349bb19b80e2d976dd8926d6fcbe0e59d699338846016
SHA512

e80e75a672807dfa1da6002bb02e8024eaadb75f79f22c40c72c82c213d99b3f4dcdeb963a7587c0a5532fa8b6c53e9ac6eb512fc422d654191215e266eef1e1
SSDEEP

98304:UMoiKk/w5lfGCSlKNS48Rzp3roT91u7MHLzV0ZghXVp2vGmB:8iKk/9CSlKNvq

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	3068	rundll32.exe
Token: SeBackupPrivilege	3068	rundll32.exe
Token: SeDebugPrivilege	3068	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tmpD01A.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3068-1-0x0000000210040000-0x0000000210346000-memory.dmp

Filesize
3.0MB

Download
memory/3068-2-0x0000000210040000-0x0000000210346000-memory.dmp

Filesize
3.0MB

Download