9cf408f6f5578300b40c1d386e52343efce6443fa7cdab2a4da5913b0da4db81

Analysis

max time kernel
41s
max time network
62s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 11:06

Target

9cf408f6f5578300b40c1d386e52343efce6443fa7cdab2a4da5913b0da4db81.dll
Size

52KB
MD5

5636f87431315015b7a2259a0baf19da
SHA1

629730784e48dac85688a01a7f9edf0ab03dc920
SHA256

9cf408f6f5578300b40c1d386e52343efce6443fa7cdab2a4da5913b0da4db81
SHA512

791aaf1a59e232b9fad28b93506115cd74758f6c968d60af61fa2473a4734114576f515fb04adf2d7ba3e0a5f5c45aa120c0aabb22684eba6102f6c1d8c32059
SSDEEP

1536:dcSKLxOkXbXg8p39qv6Epv0brBKzgd546frpXLfMpTnouy8:jKdfUWqSEpMbQz/6NQZout

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9cf408f6f5578300b40c1d386e52343efce6443fa7cdab2a4da5913b0da4db81.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27
PID 1228 wrote to memory of 844	1228	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9cf408f6f5578300b40c1d386e52343efce6443fa7cdab2a4da5913b0da4db81.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9cf408f6f5578300b40c1d386e52343efce6443fa7cdab2a4da5913b0da4db81.dll
  2⤵
  - Modifies registry class
  PID:844

memory/844-56-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download
memory/1228-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

Filesize
8KB

Download