2d05f2cbe37b3d21275ada3eeef137f3541f779e92c0cf9fbe2848279dcdb714

Analysis

max time kernel
91s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 13:44

Target

74d80069c050e21a5c003a05f0fe4a38.dll
Size

36KB
MD5

74d80069c050e21a5c003a05f0fe4a38
SHA1

75e89b772340658745407499cce03f3a449c7279
SHA256

2d05f2cbe37b3d21275ada3eeef137f3541f779e92c0cf9fbe2848279dcdb714
SHA512

01c018641413a9ca503e48d592141ff3b90354e25f020957e838b891cac29d0f1e22ee21913ba16c95e772d18b7a4e9528d446abfea21f09105838a21742f4b0
SSDEEP

384:se5D0/TiEyb+zPOXPVjObde5QoTYyCVbNit/JpJgLa0MpvzX:sdFOVC+xTYyiNiXgLa1Jz

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4060	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4060	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 4256	2024	regsvr32.exe	86
PID 2024 wrote to memory of 4256	2024	regsvr32.exe	86
PID 2024 wrote to memory of 4256	2024	regsvr32.exe	86
PID 4256 wrote to memory of 4060	4256	regsvr32.exe	87
PID 4256 wrote to memory of 4060	4256	regsvr32.exe	87
PID 4256 wrote to memory of 4060	4256	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4256
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\74d80069c050e21a5c003a05f0fe4a38.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:4060