445cc7451460b81ecbcbfceebbc295fc616a64de14a767a2cdc01aab5fc089f3

Analysis

max time kernel
202s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 04:47 UTC

Target

445cc7451460b81ecbcbfceebbc295fc616a64de14a767a2cdc01aab5fc089f3.dll
Size

13KB
MD5

a60d0aef23b59efb3fd497c54758c8b0
SHA1

051e966bceffaa0251d52f1fa0bcec8a6c571a1c
SHA256

445cc7451460b81ecbcbfceebbc295fc616a64de14a767a2cdc01aab5fc089f3
SHA512

2c24cc7d456ed8ca69fd416642f2095dea55d4237d8f71bde9ff95f25ed1ebe2ed04985d688f8970c8693040460cfcc3e5abc122e83b8e1269e1a9d50031d395
SSDEEP

192:jX4pNxMDDPKOKMkEVG5ul19tuzuO0mzDxPGS6KF+VSpiYm/RqSklNmZ:uMOEGmUupmKKzp1WRBkl+

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1da7dbe8-c51b-4ae4-bc6e-21863349b0b4}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\445cc7451460b81ecbcbfceebbc295fc616a64de14a767a2cdc01aab5fc089f3.dll"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 4928	1912	regsvr32.exe	83
PID 1912 wrote to memory of 4928	1912	regsvr32.exe	83
PID 1912 wrote to memory of 4928	1912	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\445cc7451460b81ecbcbfceebbc295fc616a64de14a767a2cdc01aab5fc089f3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\445cc7451460b81ecbcbfceebbc295fc616a64de14a767a2cdc01aab5fc089f3.dll
  2⤵
  - Modifies registry class
  PID:4928