ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0

Analysis

max time kernel
179s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:38

Target

ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll
Size

32KB
MD5

05252ea663f70228635a623f10a46bf1
SHA1

6beb954cb11df8e5aaf3e91ea4417d73e6d144be
SHA256

ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0
SHA512

f8a352e3b78fb403f7865c48d886c24dc539db8f2726c602676eeaae27efbcee174a6d77e22bdc8a2577c60706f47e141bb064e3fb1c6eef9f3ab22b2cb1a652
SSDEEP

384:6vqzx/Iw2ysKO603mYqCTqN+Vc6MRqoMOAgIpe8xVz:6stIWHomYqCi+Vc6iqt5gIpe8T

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1856	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1856	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4744	4656	regsvr32.exe	78
PID 4656 wrote to memory of 4744	4656	regsvr32.exe	78
PID 4656 wrote to memory of 4744	4656	regsvr32.exe	78
PID 4744 wrote to memory of 1856	4744	regsvr32.exe	79
PID 4744 wrote to memory of 1856	4744	regsvr32.exe	79
PID 4744 wrote to memory of 1856	4744	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4744
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebde21b00eee12e69bb7303ac8493732c1ca20f5cf543cf467eee617a96a94d0.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1856