9c31a2f4ce92ef2fa91e4f1e846139dfe4914964fd01f95b270a0786542c5eb2

Analysis

max time kernel
155s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:11

Target

9c31a2f4ce92ef2fa91e4f1e846139dfe4914964fd01f95b270a0786542c5eb2.dll
Size

52KB
MD5

a725b30ecd2663b7f25027d6eb19ce80
SHA1

d848c22fda654ddcd5181463ef6177489ed68901
SHA256

9c31a2f4ce92ef2fa91e4f1e846139dfe4914964fd01f95b270a0786542c5eb2
SHA512

2f8162d48e05d98ad249fca90cb15d15601fe8e06147f5b8bae8a816b2880151242ddc81b0ed99cc14e592d362651bd7c24da5c8c682ea979aad06f3b78b3587
SSDEEP

1536:ZGOTv8U6W3PcIx12K7a1v3jpl0K3yoSK/7vQNHFcgCVp3:z0UB32pAgsdcp3

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\pKqŸ³®ì?È	regsvr32.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\\|G}“¿Œ\ = "\x1dOOÓ\u008fèó/óH\\;ø"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\\|G}“¿Œ\ = "=KRÎ¸÷áxÛYKnÉpÂï\x11"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\flá–Î®,êu@;Ÿ'‘…}jÅ(,òsÄ?NR×®øò1ÁZl´ª’UGÄ1„€rHÀŒËÒócS´°’]oÝ† s	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\flá–Î®,êu@;Ÿ'‘…}jÅ(,òsÄ?NR×®øò1ÁZl´ª’UGÄ1„€rHÀŒËÒócS´°’]oÝ† s\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9c31a2f4ce92ef2fa91e4f1e846139dfe4914964fd01f95b270a0786542c5eb2.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\sHrœ°ß¿=§	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\sHrœ°ß¿=§\ = "u\x1f\\äçñ¹O\x11YEÖ«ìï<ÓJM3ˆ,å"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\\|G}“¿Œ	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\\|G}“¿Œ\ofî§ðùOU[À±ýë0”TN+ÍiÏê& ŽAYNß§ýÙ ÓKZ1ž^ = "\vU[À±ýë0”TN+ÍiÏê& ŽA\x1dYNß§ýÙ ÓKZ1ž^"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 4244	3612	regsvr32.exe	79
PID 3612 wrote to memory of 4244	3612	regsvr32.exe	79
PID 3612 wrote to memory of 4244	3612	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9c31a2f4ce92ef2fa91e4f1e846139dfe4914964fd01f95b270a0786542c5eb2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9c31a2f4ce92ef2fa91e4f1e846139dfe4914964fd01f95b270a0786542c5eb2.dll
  2⤵
  - Drops file in Windows directory
  - Modifies registry class
  PID:4244