15c521f118d5b190728b2742d9227c2558d6ad39cfe4c33fe58e56cccd3eb4a2

Analysis

max time kernel
133s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 05:46

Target

73e36f76e55ab5e0fb98d23804481d1b.dll
Size

44KB
MD5

73e36f76e55ab5e0fb98d23804481d1b
SHA1

199dea10ce4d826b86f3351e3d254c1de683ccdb
SHA256

15c521f118d5b190728b2742d9227c2558d6ad39cfe4c33fe58e56cccd3eb4a2
SHA512

d2f1766939970b200339dad3f070b8c7c078d5e3588e62303c286aeb279f62f30291722c0a35e39d87a5ae2bca76c8053bbf1581e9d7667f696e9e750a2626c3
SSDEEP

768:knSRjDYw6o6TApkavev8+hF9FCXdGROT/rgLa17:uinezpv8+hAXMLa

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2856	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2856	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 3332	4208	regsvr32.exe	86
PID 4208 wrote to memory of 3332	4208	regsvr32.exe	86
PID 4208 wrote to memory of 3332	4208	regsvr32.exe	86
PID 3332 wrote to memory of 2856	3332	regsvr32.exe	89
PID 3332 wrote to memory of 2856	3332	regsvr32.exe	89
PID 3332 wrote to memory of 2856	3332	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73e36f76e55ab5e0fb98d23804481d1b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\73e36f76e55ab5e0fb98d23804481d1b.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3332
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\73e36f76e55ab5e0fb98d23804481d1b.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2856