1989d2270bbcccdb775b18e38317da6ddc879be4c3476808f298c9a69bb14864

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29/08/2023, 12:23

Target

1989d2270bbcccdb775b18e38317da6ddc879be4c3476808f298c9a69bb14864.dll
Size

872KB
MD5

e38ed30649df49535c6025fce8aee6ed
SHA1

1daf7675cb2f96c44346453c204cada036a9d741
SHA256

1989d2270bbcccdb775b18e38317da6ddc879be4c3476808f298c9a69bb14864
SHA512

40ca0c1ecfc43e72d4cb6f1e2ade904b711c43e2486100c3a22c8a7312e85efb89a6c3c2517654d0846746bd4dd282238d9c4efb32df1b53431bbec43431e7a4
SSDEEP

12288:rTaxENaa+Wwk40WtY0oes/u874ewwpJb0fNNAzjVXmX5wpDw/wo+E5mVYoLb8rN/:rCo82u04ewwpSQjFmJ0DM6a

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84A99098-2C6B-480D-9DFA-46A15D7096C1}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84A99098-2C6B-480D-9DFA-46A15D7096C1}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84A99098-2C6B-480D-9DFA-46A15D7096C1}\ = "Weasel"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84A99098-2C6B-480D-9DFA-46A15D7096C1}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{84A99098-2C6B-480D-9DFA-46A15D7096C1}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1989d2270bbcccdb775b18e38317da6ddc879be4c3476808f298c9a69bb14864.dll"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28
PID 2044 wrote to memory of 2584	2044	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1989d2270bbcccdb775b18e38317da6ddc879be4c3476808f298c9a69bb14864.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1989d2270bbcccdb775b18e38317da6ddc879be4c3476808f298c9a69bb14864.dll
  2⤵
  - Modifies registry class
  PID:2584