ffee9f32cbd3af9925807b2c0fac0f172d7c73e20610717692f878b16b3cb348

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2023, 01:04

Target

MixSets.dll
Size

520KB
MD5

d65679092030c32f0cbb00fe634dbc6a
SHA1

e9f618e04e8a0fc77870c8683c4c25bc854f2e61
SHA256

ffee9f32cbd3af9925807b2c0fac0f172d7c73e20610717692f878b16b3cb348
SHA512

431e865e1298042ec819952eb1263428781ac3bffcdc5d6af15c3977a5cb807d5c0ab1a4f3447e9d4d906aa3e45ffc594edfdf28d9dbffd8998e92b581a45fa5
SSDEEP

12288:DILisczd8b40Cychde/q9pSARdh4JdV09ssFDMuK+:Dcczd8b0ycn9IJIss9MP+

Score

5^/10

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4484	3168	WerFault.exe	82
3044	3168	WerFault.exe	82

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2560	mspaint.exe
2560	mspaint.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2952	OpenWith.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2560	mspaint.exe
2952	OpenWith.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 100 wrote to memory of 3168	100	rundll32.exe	82
PID 100 wrote to memory of 3168	100	rundll32.exe	82
PID 100 wrote to memory of 3168	100	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MixSets.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MixSets.dll,#1
  2⤵
  PID:3168
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 544
    3⤵
    - Program crash
    PID:4484
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 792
    3⤵
    - Program crash
    PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 3168 -ip 3168
1⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3168 -ip 3168
1⤵
PID:2020

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:2304

memory/2304-133-0x00000280E3260000-0x00000280E3270000-memory.dmp

Filesize
64KB

Download
memory/2304-137-0x00000280E32A0000-0x00000280E32B0000-memory.dmp

Filesize
64KB

Download
memory/2304-144-0x00000280EB570000-0x00000280EB571000-memory.dmp

Filesize
4KB

Download
memory/2304-146-0x00000280EB5F0000-0x00000280EB5F1000-memory.dmp

Filesize
4KB

Download
memory/2304-148-0x00000280EB5F0000-0x00000280EB5F1000-memory.dmp

Filesize
4KB

Download
memory/2304-149-0x00000280EB680000-0x00000280EB681000-memory.dmp

Filesize
4KB

Download
memory/2304-150-0x00000280EB680000-0x00000280EB681000-memory.dmp

Filesize
4KB

Download
memory/2304-151-0x00000280EB690000-0x00000280EB691000-memory.dmp

Filesize
4KB

Download
memory/2304-152-0x00000280EB690000-0x00000280EB691000-memory.dmp

Filesize
4KB

Download