bd90915eaec77b7baa95a7e967748ee5ff637a50a42ac2345d0c3c1f4ccfc24a

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 06:09

Target

bd90915eaec77b7baa95a7e967748ee5ff637a50a42ac2345d0c3c1f4ccfc24a.dll
Size

156KB
MD5

3841ebf0815f2e3a250b9c6607a7bf82
SHA1

dffef25538aaba42b6d90698ab0381617eb48798
SHA256

bd90915eaec77b7baa95a7e967748ee5ff637a50a42ac2345d0c3c1f4ccfc24a
SHA512

0fef0a239e95cc6afe561ecf04acec25ed3fdf858c1fbfcf26775905b81ff41864a0200e97d53f99100331dadcc24b36e68d0eb9dc4f8eee9bbaf8ddec7d4aca
SSDEEP

3072:bhYp1FkbBkw0WEBenWoftDtL+wRz7qZ1UhPIn1R9Fz+ySZ6C:bepsb/0WEEWC/iwRO1Um1R9Fz+j

Score

4^/10

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~3\a42cfcc4f1c3c0d5432ca24a05a736ff5ee847769e7a59aab7b77ceae51909db.pad	rundll32.exe
File opened for modification	C:\PROGRA~3\a42cfcc4f1c3c0d5432ca24a05a736ff5ee847769e7a59aab7b77ceae51909db.pad	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1732	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 340 wrote to memory of 1732	340	rundll32.exe	27
PID 340 wrote to memory of 1732	340	rundll32.exe	27
PID 340 wrote to memory of 1732	340	rundll32.exe	27
PID 340 wrote to memory of 1732	340	rundll32.exe	27
PID 340 wrote to memory of 1732	340	rundll32.exe	27
PID 340 wrote to memory of 1732	340	rundll32.exe	27
PID 340 wrote to memory of 1732	340	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd90915eaec77b7baa95a7e967748ee5ff637a50a42ac2345d0c3c1f4ccfc24a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:340
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd90915eaec77b7baa95a7e967748ee5ff637a50a42ac2345d0c3c1f4ccfc24a.dll,#1
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  PID:1732

memory/1732-55-0x0000000075771000-0x0000000075773000-memory.dmp

Filesize
8KB

Download
memory/1732-56-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/1732-58-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/1732-57-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/1732-59-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/1732-60-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download
memory/1732-61-0x0000000000220000-0x0000000000245000-memory.dmp

Filesize
148KB

Download
memory/1732-62-0x0000000000710000-0x0000000000735000-memory.dmp

Filesize
148KB

Download