d9491b5790f39262d16d716788ddf8731ee27f86ace6e10cebf62cb6a5070c94

General

Target

3d75910c5f6945e5c4aecfeeb39fc40b.exe
Size

182KB
MD5

3d75910c5f6945e5c4aecfeeb39fc40b
SHA1

fdcc07b0b2d53735dd07918e3f8e3410611e6178
SHA256

d9491b5790f39262d16d716788ddf8731ee27f86ace6e10cebf62cb6a5070c94
SHA512

74de743ab34f6f4ba8f9e711184573f824eb9c9889660d69a94d7ec9b3e12b32c3315e2f0e313b4ba0c6f8a09a0b25ff5d29df90faadd9984fb4ab8e481a0996
SSDEEP

3072:+nZanaRQGDr9/Ou0EneMP5J3VzvrshGkvLWClAab6k46Zq7S6Qrg:IcnaCm1OMeIJ3GLLtrXhUSt

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\help\B41346EFA848.dll	3d75910c5f6945e5c4aecfeeb39fc40b.exe
File opened for modification	C:\Windows\help\B41346EFA848.dll	3d75910c5f6945e5c4aecfeeb39fc40b.exe

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\ = "SSUUDL"	3d75910c5f6945e5c4aecfeeb39fc40b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32	3d75910c5f6945e5c4aecfeeb39fc40b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ = "C:\\Windows\\help\\B41346EFA848.dll"	3d75910c5f6945e5c4aecfeeb39fc40b.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}\InProcServer32\ThreadingModel = "Apartment"	3d75910c5f6945e5c4aecfeeb39fc40b.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1DBD6574-D6D0-4782-94C3-69619E719765}	3d75910c5f6945e5c4aecfeeb39fc40b.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2840	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	27
PID 1556 wrote to memory of 2840	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	27
PID 1556 wrote to memory of 2840	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	27
PID 1556 wrote to memory of 2840	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	27
PID 1556 wrote to memory of 2572	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	32
PID 1556 wrote to memory of 2572	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	32
PID 1556 wrote to memory of 2572	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	32
PID 1556 wrote to memory of 2572	1556	3d75910c5f6945e5c4aecfeeb39fc40b.exe	32

C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
63B

MD5
e533642619b3d7a825a8af4a7891ebc0

SHA1
db4b4872cdcf032f52ac99b846f8106e09a9d10f

SHA256
8a5acaedb3906baa4b576a19daa833e48d9a3327596900bf2c18831cebc745e7

SHA512
edfa8ce119048d182d8fea748c4622e6f71687a29444424df052fadcf0a8009bb8219c9686785749079d9e02e06d0ef3b0dcbac3c787473e62e0dfd28091085c

Download Submit
C:\Users\Admin\AppData\Local\Temp\2.bat

Filesize
62B

MD5
d1e2f8a61226bad0565f9cee05b936ee

SHA1
43e98474e6cdcb9264d47d2b87e9ffec688dbc46

SHA256
a476ed4a9df4b6f2a35e735f308c6419cc1bc2789e587beb723a1d3c4939ac5a

SHA512
43a29f4bec3ce7c9685c6e2cdfbabd63ad1c6f3ad09ced145f248cacbe305a055de8598d07337b580a3a6d5fadd69d1d21466627e7c2c2b1e5e15b5718cc80e2

Download Submit
\Windows\Help\B41346EFA848.dll

Filesize
101KB

MD5
5b23543c1d2baa4ec132d56ffda6e6f1

SHA1
68b947a3d99503084b8d3ecde5a3b19ca63fe3df

SHA256
c7b588d34e7981867ba0cd058126d9ea0fe1c0508a89d3017629a2b8857fbb15

SHA512
57760b4460c91d63805f638b41fa88732d852b6d360f3992a1364e8a3926be571184318052ea24037dc390297592c091673ee2bce7808e0b6429149d1689eae9

Download Submit
memory/1556-0-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1556-21-0x0000000001E50000-0x0000000001EA3000-memory.dmp

Filesize
332KB

Download
memory/1556-22-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/1556-23-0x0000000001E50000-0x0000000001EA3000-memory.dmp

Filesize
332KB

Download