ef3518c1b27e2a7ac50a9a919cdd5e09a4eb72148a8325dd97cf84a60f32c6e4

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 13:09

Target

ef3518c1b27e2a7ac50a9a919cdd5e09a4eb72148a8325dd97cf84a60f32c6e4.dll
Size

48KB
MD5

6aebeece5101f90896ff5aabd17f98f9
SHA1

070a5c2abd10effbd52ee6a4d2a3b3c202119334
SHA256

ef3518c1b27e2a7ac50a9a919cdd5e09a4eb72148a8325dd97cf84a60f32c6e4
SHA512

bb78927d68eedb2815a8902dcc872664335970bd7c414f3f9f0e187f30d56f29ac97e616c85dc37e24f5c6c941552c444e54e9cb359d999219c235d4b875ce5f
SSDEEP

768:5JqFgOvH6CISzuKvcLXs8AGPoIfNfvI0mOYbZVou9y2JuUQ37ty8G:5gCSTcL8uPoIVfvT/60ZdU8

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1752	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1752	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 1956 wrote to memory of 904	1956	regsvr32.exe	28
PID 904 wrote to memory of 1752	904	regsvr32.exe	29
PID 904 wrote to memory of 1752	904	regsvr32.exe	29
PID 904 wrote to memory of 1752	904	regsvr32.exe	29
PID 904 wrote to memory of 1752	904	regsvr32.exe	29
PID 904 wrote to memory of 1752	904	regsvr32.exe	29
PID 904 wrote to memory of 1752	904	regsvr32.exe	29
PID 904 wrote to memory of 1752	904	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ef3518c1b27e2a7ac50a9a919cdd5e09a4eb72148a8325dd97cf84a60f32c6e4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ef3518c1b27e2a7ac50a9a919cdd5e09a4eb72148a8325dd97cf84a60f32c6e4.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:904
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\ef3518c1b27e2a7ac50a9a919cdd5e09a4eb72148a8325dd97cf84a60f32c6e4.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1752

memory/904-56-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/1956-54-0x000007FEFBF21000-0x000007FEFBF23000-memory.dmp

Filesize
8KB

Download