52d540967202aa6e2069dd94711f926ac68ca8f67e90740b8734033546c3148a

Analysis

max time kernel
96s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 17:17

Target

8ce53e440792c40f2b5f8c926337c379.dll
Size

64KB
MD5

8ce53e440792c40f2b5f8c926337c379
SHA1

7029f5d1a895ec9564a774c408c334fb25acca57
SHA256

52d540967202aa6e2069dd94711f926ac68ca8f67e90740b8734033546c3148a
SHA512

26717f84f262bfc94185dd42c44bc3ea0dd904422ed1e5c58c03d3f46d24876773bad519c9619ecce0c699ca52813b5e1f014a927286c5381a67465879a33f39
SSDEEP

768:+gySxDwCe4K+3tbtmVZIA/e65NE4eYoGc4JKkL0T3Mu/lWeuIKeunHeu/9Uguc7l:+4NS+dpmVc65Gahc4JKfMuraPhcuB

Score

1^/10

Modifies registry class 10 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\0\win32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\8ce53e440792c40f2b5f8c926337c379.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\HELPDIR	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\ = "XInLink 1.0 Type Library"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\FLAGS	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\FLAGS\ = "0"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\0\win32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{2DD822A0-6C0C-45BC-9CBF-1C7B526C90BB}\1.0\HELPDIR\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\"	regsvr32.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
4208	regsvr32.exe
660	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	4208	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 4208	1368	regsvr32.exe	86
PID 1368 wrote to memory of 4208	1368	regsvr32.exe	86
PID 1368 wrote to memory of 4208	1368	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8ce53e440792c40f2b5f8c926337c379.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8ce53e440792c40f2b5f8c926337c379.dll
  2⤵
  - Modifies registry class
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  PID:4208