ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0

Analysis

max time kernel
243s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:38

Target

ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll
Size

32KB
MD5

05252ea663f70228635a623f10a46bf1
SHA1

6beb954cb11df8e5aaf3e91ea4417d73e6d144be
SHA256

ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0
SHA512

f8a352e3b78fb403f7865c48d886c24dc539db8f2726c602676eeaae27efbcee174a6d77e22bdc8a2577c60706f47e141bb064e3fb1c6eef9f3ab22b2cb1a652
SSDEEP

384:6vqzx/Iw2ysKO603mYqCTqN+Vc6MRqoMOAgIpe8xVz:6stIWHomYqCi+Vc6iqt5gIpe8T

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
664	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
664	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 360 wrote to memory of 520	360	regsvr32.exe	28
PID 520 wrote to memory of 664	520	regsvr32.exe	29
PID 520 wrote to memory of 664	520	regsvr32.exe	29
PID 520 wrote to memory of 664	520	regsvr32.exe	29
PID 520 wrote to memory of 664	520	regsvr32.exe	29
PID 520 wrote to memory of 664	520	regsvr32.exe	29
PID 520 wrote to memory of 664	520	regsvr32.exe	29
PID 520 wrote to memory of 664	520	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:360
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:520
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:664

memory/360-54-0x000007FEFC1E1000-0x000007FEFC1E3000-memory.dmp

Filesize
8KB

Download
memory/520-56-0x0000000075C11000-0x0000000075C13000-memory.dmp

Filesize
8KB

Download