b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd

Analysis

max time kernel
148s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 22:10

Target

b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
Size

44KB
MD5

5a62a932c29e91bb17f1def447ecdb40
SHA1

e24185ddb2e8c3d972b4a3b078b09bf3fdf31813
SHA256

b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd
SHA512

1e168833fa1d9d7360ae469a14c78dfc2c8ef44770f2a3c7d2f5d7c0a4f519b07fd5ac224b05717cbf37e7c12fb893f4842c2a6e777cf68ad060d7db27364610
SSDEEP

768:L0XLCdYxDow6F6L3uH2yOvhUQpkavk+ag4zp6RTTogLa1lHqFH:L0X2dYxkG+H2ysUHzp6ZFLaHHi

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2740	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2740	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2568 wrote to memory of 5012	2568	regsvr32.exe	83
PID 2568 wrote to memory of 5012	2568	regsvr32.exe	83
PID 2568 wrote to memory of 5012	2568	regsvr32.exe	83
PID 5012 wrote to memory of 2740	5012	regsvr32.exe	86
PID 5012 wrote to memory of 2740	5012	regsvr32.exe	86
PID 5012 wrote to memory of 2740	5012	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2568
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\b420e9dfe8d4ec54cfef03a00b59d27e5a0ee99ffe6b30e37b3ab863aeb21ecd.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2740