e1fce8dbaee098c8afa7d060e96fc1c1c45d794958a63a8afba58e9584405de4

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 17:38

Target

317cb4d30cecc7437eac0bb689512714.dll
Size

56KB
MD5

317cb4d30cecc7437eac0bb689512714
SHA1

0ca449ee9c1c5d0f02974ce39d07803a1632dda8
SHA256

e1fce8dbaee098c8afa7d060e96fc1c1c45d794958a63a8afba58e9584405de4
SHA512

07ec59ddefd719999da56bbd9553dc1465115b26403be4dcd51808f30188a2b76962ded6db250a7aa467e191c47ee05e2a70a2b8d6faf7923841a5b4e51bf286
SSDEEP

768:87Pw3VDnkyEF6XrNdh7sEnNj6ywLnvYZd9uaBCBgoTcBBnu2kLAbrV:PhpE67Nb7shpvyd9ag3/n2LAX

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B153A12-D1BD-4F3D-A5C7-EE16D5A1186C}\InProcServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B153A12-D1BD-4F3D-A5C7-EE16D5A1186C}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B153A12-D1BD-4F3D-A5C7-EE16D5A1186C}\ = "NTPAD ForceFeeback DLL"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B153A12-D1BD-4F3D-A5C7-EE16D5A1186C}\InProcServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{5B153A12-D1BD-4F3D-A5C7-EE16D5A1186C}\InProcServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\317cb4d30cecc7437eac0bb689512714.dll"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29
PID 1984 wrote to memory of 2576	1984	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\317cb4d30cecc7437eac0bb689512714.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\317cb4d30cecc7437eac0bb689512714.dll
  2⤵
  - Modifies registry class
  PID:2576