2d05f2cbe37b3d21275ada3eeef137f3541f779e92c0cf9fbe2848279dcdb714

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 13:44

Target

74d80069c050e21a5c003a05f0fe4a38.dll
Size

36KB
MD5

74d80069c050e21a5c003a05f0fe4a38
SHA1

75e89b772340658745407499cce03f3a449c7279
SHA256

2d05f2cbe37b3d21275ada3eeef137f3541f779e92c0cf9fbe2848279dcdb714
SHA512

01c018641413a9ca503e48d592141ff3b90354e25f020957e838b891cac29d0f1e22ee21913ba16c95e772d18b7a4e9528d446abfea21f09105838a21742f4b0
SSDEEP

384:se5D0/TiEyb+zPOXPVjObde5QoTYyCVbNit/JpJgLa0MpvzX:sdFOVC+xTYyiNiXgLa1Jz

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1052	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1052	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 1644 wrote to memory of 2040	1644	regsvr32.exe	28
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29
PID 2040 wrote to memory of 1052	2040	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1644
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:1052