Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/01/2024, 13:44

General

  • Target

    74d80069c050e21a5c003a05f0fe4a38.dll

  • Size

    36KB

  • MD5

    74d80069c050e21a5c003a05f0fe4a38

  • SHA1

    75e89b772340658745407499cce03f3a449c7279

  • SHA256

    2d05f2cbe37b3d21275ada3eeef137f3541f779e92c0cf9fbe2848279dcdb714

  • SHA512

    01c018641413a9ca503e48d592141ff3b90354e25f020957e838b891cac29d0f1e22ee21913ba16c95e772d18b7a4e9528d446abfea21f09105838a21742f4b0

  • SSDEEP

    384:se5D0/TiEyb+zPOXPVjObde5QoTYyCVbNit/JpJgLa0MpvzX:sdFOVC+xTYyiNiXgLa1Jz

Score
1/10

Malware Config

Signatures

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1644
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2040
      • C:\Windows\SysWOW64\Rundll32.exe
        C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll,DllUnregisterServer
        3⤵
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads