b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd

Analysis

max time kernel
19s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 22:10

Target

b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
Size

44KB
MD5

5a62a932c29e91bb17f1def447ecdb40
SHA1

e24185ddb2e8c3d972b4a3b078b09bf3fdf31813
SHA256

b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd
SHA512

1e168833fa1d9d7360ae469a14c78dfc2c8ef44770f2a3c7d2f5d7c0a4f519b07fd5ac224b05717cbf37e7c12fb893f4842c2a6e777cf68ad060d7db27364610
SSDEEP

768:L0XLCdYxDow6F6L3uH2yOvhUQpkavk+ag4zp6RTTogLa1lHqFH:L0X2dYxkG+H2ysUHzp6ZFLaHHi

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1644	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1644	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 804 wrote to memory of 952	804	regsvr32.exe	28
PID 952 wrote to memory of 1644	952	regsvr32.exe	29
PID 952 wrote to memory of 1644	952	regsvr32.exe	29
PID 952 wrote to memory of 1644	952	regsvr32.exe	29
PID 952 wrote to memory of 1644	952	regsvr32.exe	29
PID 952 wrote to memory of 1644	952	regsvr32.exe	29
PID 952 wrote to memory of 1644	952	regsvr32.exe	29
PID 952 wrote to memory of 1644	952	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:804
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:952
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1644

memory/804-54-0x000007FEFBC41000-0x000007FEFBC43000-memory.dmp

Filesize
8KB

Download
memory/952-56-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download