7b9ac99d48dda2b24bce061e5ed23289c4abc97ee9cd49e85980337a071f1d4b

Analysis

max time kernel
92s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 07:40

Target

76c6cd5dbe84ebf8d123d54dd8b0a912.dll
Size

48KB
MD5

76c6cd5dbe84ebf8d123d54dd8b0a912
SHA1

5fe154633cfae22be511208e52deb4e32ed3a224
SHA256

7b9ac99d48dda2b24bce061e5ed23289c4abc97ee9cd49e85980337a071f1d4b
SHA512

a45f6e0f554613f39ede2d40b2328400a77de8d5004a470cd816e1ef333bc523f01ae3eb83e730977c538abf141fca18c89d73350e9291bf3befd1354fa553d8
SSDEEP

768:0KB3IuUm9xnRQW3xT3IUHqgAPZyZeVX6d5EfrpMxhXXg:DB3IG9xRd3VIQG4C6djhXXg

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3764	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3764	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 5024	4436	regsvr32.exe	85
PID 4436 wrote to memory of 5024	4436	regsvr32.exe	85
PID 4436 wrote to memory of 5024	4436	regsvr32.exe	85
PID 5024 wrote to memory of 3764	5024	regsvr32.exe	86
PID 5024 wrote to memory of 3764	5024	regsvr32.exe	86
PID 5024 wrote to memory of 3764	5024	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\76c6cd5dbe84ebf8d123d54dd8b0a912.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\76c6cd5dbe84ebf8d123d54dd8b0a912.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5024
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\76c6cd5dbe84ebf8d123d54dd8b0a912.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3764