8f4448a72aa081e63bdc010b2830eb51e17adb8296a93a50da04be049eb6883c

Analysis

max time kernel
134s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 19:42

Target

8f4448a72aa081e63bdc010b2830eb51e17adb8296a93a50da04be049eb6883c.dll
Size

1.3MB
MD5

383d2480379a3129f44024c3c0101dbf
SHA1

5740d0959c501d29023f2c6ddd0fca4f58ff7d10
SHA256

8f4448a72aa081e63bdc010b2830eb51e17adb8296a93a50da04be049eb6883c
SHA512

336d70eb7c28b746dd001822f0c151fe19330c131aca05724e0cc12ddd7e9f967f5eb030cb22e1ee723419bbf8a644726e8550668156d4d932e68d339068233a
SSDEEP

12288:LkMcXLjJxe3puajkqNqqhDpkkUFYl9tb2l6C8:LRcbipuajkqNqq3kkkYDluC

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3F4CDED-B1E9-41EE-9CA6-7B4D0DE6CB0A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3F4CDED-B1E9-41EE-9CA6-7B4D0DE6CB0A}\ = "Weasel"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3F4CDED-B1E9-41EE-9CA6-7B4D0DE6CB0A}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3F4CDED-B1E9-41EE-9CA6-7B4D0DE6CB0A}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8f4448a72aa081e63bdc010b2830eb51e17adb8296a93a50da04be049eb6883c.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A3F4CDED-B1E9-41EE-9CA6-7B4D0DE6CB0A}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4528 wrote to memory of 2036	4528	regsvr32.exe	89
PID 4528 wrote to memory of 2036	4528	regsvr32.exe	89
PID 4528 wrote to memory of 2036	4528	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8f4448a72aa081e63bdc010b2830eb51e17adb8296a93a50da04be049eb6883c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4528
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8f4448a72aa081e63bdc010b2830eb51e17adb8296a93a50da04be049eb6883c.dll
  2⤵
  - Modifies registry class
  PID:2036