606afd343503dd23c7eb73baee300d5a8346e79b6e11a316baf843478253ff1e

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 17:44

Target

606afd343503dd23c7eb73baee300d5a8346e79b6e11a316baf843478253ff1e.dll
Size

332KB
MD5

0af43acd70b0c953c590946c0da827af
SHA1

3e5e363e3789bedadabc8f73aeffd8cde9d396bf
SHA256

606afd343503dd23c7eb73baee300d5a8346e79b6e11a316baf843478253ff1e
SHA512

e775156826c07e8712b8cd812e7e57bcd0158b84c0c02f53cb425a224d33a9e4c0cd892369b7d34359af2389d6187e3ee0ea9f3314617074ac19149b66b8eeaa
SSDEEP

3072:EXAb6pLQdh+IXSSyDYl1yJksNqJp5AMoejrdVQPIL1Aml5Oy6L0ZaemDti9hBWWh:E+6pXIiSyssepKer2Zml4y6Ms4HoBhq

Score

1^/10

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO.1\ = "Browser Helper Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO.1	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO.1	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO.1\CLSID	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO.1\CLSID\ = "{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO\ = "Browser Helper Object"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\‚”#˜‚	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\main.BHO.1\CLSID	regsvr32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\‚”#˜‚	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 4944	4960	regsvr32.exe	82
PID 4960 wrote to memory of 4944	4960	regsvr32.exe	82
PID 4960 wrote to memory of 4944	4960	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\606afd343503dd23c7eb73baee300d5a8346e79b6e11a316baf843478253ff1e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\606afd343503dd23c7eb73baee300d5a8346e79b6e11a316baf843478253ff1e.dll
  2⤵
  - Modifies registry class
  PID:4944