0994bacabba34499288c55d9568f4e73a2c5bef849fde42fc03052bf63948e57

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18-09-2022 01:45

Target

fz.dll
Size

808KB
MD5

bf59424bc6cce2bbf12b1ba84b6f2ae2
SHA1

1b4d6200d22a063fc2c6b4043fe568ffd6dc2057
SHA256

6df2763332209ba83ed38800541dda57a5bc605398083c8d3dc9797adc6639b2
SHA512

74974ed00e35793d8af6dce4655aebe93999037e23650264359dbc15b99e98135b30d5ca7dbf3f61e94fc1cac87c038bd3a728a56326520e4d7315bc87971a85
SSDEEP

12288:2mLrKI5p+OO+maTckE6rjR4QYoXXsqFzzG5a65qhWlC:2mPtObMznjRbYw8Z5aWC

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1508	992	WerFault.exe	28

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	992	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
992	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28
PID 240 wrote to memory of 992	240	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fz.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:992
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 352
    3⤵
    - Program crash
    PID:1508

memory/992-55-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download