f3a3b2f45320680c1eb364c3411e11cc7b34893a47913023c42dfae38ec7bb10

Analysis

max time kernel
30s
max time network
74s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 23:35

Target

f3a3b2f45320680c1eb364c3411e11cc7b34893a47913023c42dfae38ec7bb10.dll
Size

238KB
MD5

e84b4b7765930ba7138c52e98409e210
SHA1

b3f52a6443f55c596e226039042b550c5b066ae9
SHA256

f3a3b2f45320680c1eb364c3411e11cc7b34893a47913023c42dfae38ec7bb10
SHA512

bae6f2aba2d3bb771bbb687a2d2cbc6ed59ebbe28d89ae8196b1e6b23b7be9f98b126d26febf790fb72880ba412928c5305135c0777c2fba89d467b3d5e9a346
SSDEEP

3072:JnXrqiu9G4DAW0X5iUgPcXwA6aI5k4IcvRVCIdlaEZ+XH1b85ueZQFCVkOchFglJ:JnbdyG4E581VjJXd8y+XMQF8kBF2q4

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\win.ini	rundll32.exe
File opened for modification	C:\Windows\tawisys.ini	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1308	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1308	956	rundll32.exe	28
PID 956 wrote to memory of 1308	956	rundll32.exe	28
PID 956 wrote to memory of 1308	956	rundll32.exe	28
PID 956 wrote to memory of 1308	956	rundll32.exe	28
PID 956 wrote to memory of 1308	956	rundll32.exe	28
PID 956 wrote to memory of 1308	956	rundll32.exe	28
PID 956 wrote to memory of 1308	956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3a3b2f45320680c1eb364c3411e11cc7b34893a47913023c42dfae38ec7bb10.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3a3b2f45320680c1eb364c3411e11cc7b34893a47913023c42dfae38ec7bb10.dll,#1
  2⤵
  - Drops file in Windows directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1308

memory/1308-55-0x0000000075B61000-0x0000000075B63000-memory.dmp

Filesize
8KB

Download
memory/1308-56-0x00000000001C0000-0x0000000000200000-memory.dmp

Filesize
256KB

Download