3aad9ddb5be2c365f7370df0a9d449dfb664b9d6b513895d7d08f59a6348e840

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 12:07

Target

180a8e9398a433067cbb7b7aa6b16968.dll
Size

44KB
MD5

180a8e9398a433067cbb7b7aa6b16968
SHA1

6d794f20036cb272a7dde98ff6663f5a5f5801d0
SHA256

3aad9ddb5be2c365f7370df0a9d449dfb664b9d6b513895d7d08f59a6348e840
SHA512

61e4e80ff81b0b020d08985cd62ec76adacdb8e8ccb12aa5348bbc5296ff426647c6930072d6dd837117cdf5efc960ac617bc92ceba7468ebb622d4f9ff3cee9
SSDEEP

768:i6PYpkavFSQfcaI+oz7pNtYz5JpkgLa1KqNtWKxjm:5DiSQ18z7pozjLLagqNtWK

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2340	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2340	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1868 wrote to memory of 1692	1868	regsvr32.exe	28
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29
PID 1692 wrote to memory of 2340	1692	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\180a8e9398a433067cbb7b7aa6b16968.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1868
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\180a8e9398a433067cbb7b7aa6b16968.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1692
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\180a8e9398a433067cbb7b7aa6b16968.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2340