ecdfdd65480a4f1ad0e23754d956939d65a3a1c24724c3ed7281d1dd91c2554a

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 12:26

Target

ecdfdd65480a4f1ad0e23754d956939d65a3a1c24724c3ed7281d1dd91c2554a.dll
Size

48KB
MD5

32bd4b1eda736239c99b3acb45cf7b76
SHA1

8e6069e137b1574823522c2e2cf788fe2ab311c3
SHA256

ecdfdd65480a4f1ad0e23754d956939d65a3a1c24724c3ed7281d1dd91c2554a
SHA512

8bd58a06e9a1b3ad15cb7a844b4b52a55337208b8ad5433def33ebb977d7d3a7137dce2e8a6e7e4cff645424ea245c858dc92dc6dd949c2b2a5efc2ea0e58adf
SSDEEP

768:xg/f99xQkDccdzjqE/GDIyMAPZ2+mxGwkUxDVJ9yOoYfp+:m/1vQ0NdyEmIyMGTxw/tVCJYf

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4060	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4060	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 4568	4336	regsvr32.exe	79
PID 4336 wrote to memory of 4568	4336	regsvr32.exe	79
PID 4336 wrote to memory of 4568	4336	regsvr32.exe	79
PID 4568 wrote to memory of 4060	4568	regsvr32.exe	80
PID 4568 wrote to memory of 4060	4568	regsvr32.exe	80
PID 4568 wrote to memory of 4060	4568	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ecdfdd65480a4f1ad0e23754d956939d65a3a1c24724c3ed7281d1dd91c2554a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ecdfdd65480a4f1ad0e23754d956939d65a3a1c24724c3ed7281d1dd91c2554a.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4568
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecdfdd65480a4f1ad0e23754d956939d65a3a1c24724c3ed7281d1dd91c2554a.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4060