ff93e40edabc048163e138953f333b7366675013bf2e795ed3b6aed2a74a5d58

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 00:29

Target

54fe724140f70d9de94fc9a0b312f074.dll
Size

44KB
MD5

54fe724140f70d9de94fc9a0b312f074
SHA1

c10c1f6b73202096b8a28a54fb8669545a8f9b2c
SHA256

ff93e40edabc048163e138953f333b7366675013bf2e795ed3b6aed2a74a5d58
SHA512

86fdd885fd13e0f6c48cc366e7523307a1d73b280c10179356b0f086d64e11390cb39abc69d8612dde1f97a339b60a852b3e71912cfe68308453e10dfc31f2f1
SSDEEP

384:xcpnUZcPGnDtkav5P2DU8vzrjArWsBM8NQNBoXRrbMKSsHzJpJgLa0Mpk:qx+npkavBC7r0xpQ4VbMnslgLa1u

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3224	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3224	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1460 wrote to memory of 3904	1460	regsvr32.exe	14
PID 1460 wrote to memory of 3904	1460	regsvr32.exe	14
PID 1460 wrote to memory of 3904	1460	regsvr32.exe	14
PID 3904 wrote to memory of 3224	3904	regsvr32.exe	20
PID 3904 wrote to memory of 3224	3904	regsvr32.exe	20
PID 3904 wrote to memory of 3224	3904	regsvr32.exe	20

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\54fe724140f70d9de94fc9a0b312f074.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\SysWOW64\Rundll32.exe
  C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\54fe724140f70d9de94fc9a0b312f074.dll,DllUnregisterServer
  2⤵
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  PID:3224

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\54fe724140f70d9de94fc9a0b312f074.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1460