db125eb3c13135d8ea41330c7cd8e3fac91c14c2c1bd368ccb9c75ba3025afc9

Analysis

max time kernel
183s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 04:22

Target

db125eb3c13135d8ea41330c7cd8e3fac91c14c2c1bd368ccb9c75ba3025afc9.dll
Size

88KB
MD5

44ca7a2f4e344e97e0320b6f279202f6
SHA1

1daf6c3e98bdf4e321aa6f26aa1479ceaf476847
SHA256

db125eb3c13135d8ea41330c7cd8e3fac91c14c2c1bd368ccb9c75ba3025afc9
SHA512

b9e20f3898469f487788112549c48be26f552d8d56ed94189076cdf2122fce8ddf54eeedf0d22918f94a5f5869d6a91db7389fa58bcddc891cb79c99c1cecd68
SSDEEP

1536:49p6+y4gfnOM5N+mnIUSfSFmEeMAvPXPuHH2rM4cosFcH2/:0FCnOMRIUH0EKPLcosFcH2/

Score

1^/10

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\ = "loader_c 1.0 Type Library"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\db125eb3c13135d8ea41330c7cd8e3fac91c14c2c1bd368ccb9c75ba3025afc9.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{23539089-449C-270A-8C6F-DEEBDA8C2A2E}\1.0\0\win32	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4564 wrote to memory of 1060	4564	regsvr32.exe	82
PID 4564 wrote to memory of 1060	4564	regsvr32.exe	82
PID 4564 wrote to memory of 1060	4564	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\db125eb3c13135d8ea41330c7cd8e3fac91c14c2c1bd368ccb9c75ba3025afc9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4564
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\db125eb3c13135d8ea41330c7cd8e3fac91c14c2c1bd368ccb9c75ba3025afc9.dll
  2⤵
  - Modifies registry class
  PID:1060