a842daed31623ff5a7652b578135b12c94fd6b63df918e02bf4846e3fac3d31f

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 19:55

Target

a842daed31623ff5a7652b578135b12c94fd6b63df918e02bf4846e3fac3d31f.dll
Size

301KB
MD5

305a5f241776b12344d0f0b17aba3a96
SHA1

d797e33d3820d74b6fab858aae3dca592aeb2c78
SHA256

a842daed31623ff5a7652b578135b12c94fd6b63df918e02bf4846e3fac3d31f
SHA512

af5289c1aa8c6cc2e3f7a620b2b28ecf134aeba3047c4398d81f66b2616fe0446c03bc82adae3b6fa1a385a674aeeeb3fe9e54d784842347eaba008e17672260
SSDEEP

6144:1CE7JpPh4QcF6zxMx2878ir17OB0PT2txH9s0r4e1CmUFtY:1nlpPhJ6kQ2t+1C0Uxdpd1Zz

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	836	regsvr32.exe
Token: SeDebugPrivilege	836	regsvr32.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
836	regsvr32.exe
836	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 836	1664	regsvr32.exe	82
PID 1664 wrote to memory of 836	1664	regsvr32.exe	82
PID 1664 wrote to memory of 836	1664	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a842daed31623ff5a7652b578135b12c94fd6b63df918e02bf4846e3fac3d31f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a842daed31623ff5a7652b578135b12c94fd6b63df918e02bf4846e3fac3d31f.dll
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:836

memory/836-133-0x0000000000400000-0x00000000004F0000-memory.dmp

Filesize
960KB

Download