c13c17543f3bf77469da94bf8edcb7981a505b4a0c2a9785455b5514c96d6e9a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 08:10

Target

98e9a06af2715a9112fc2e8cd017f3f9.dll
Size

22KB
MD5

98e9a06af2715a9112fc2e8cd017f3f9
SHA1

4ff99417523576427a3fa5e1e1d61a92f8096371
SHA256

c13c17543f3bf77469da94bf8edcb7981a505b4a0c2a9785455b5514c96d6e9a
SHA512

70995fc97f3b32fc4193b9865dd197f697c20588141b9e6fb1ebe33b196f04f945d188852f11acd65f51e64ca2934de623d91b3df6fffbefd9664f9766e1d17f
SSDEEP

384:aEdD0iFQJg+lFixZ0CSEEYNZgk82qnTEe197yXv:a+D0yigUFwZ0pEtgk89TR197yXv

Score

1^/10

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}\InprocServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\98e9a06af2715a9112fc2e8cd017f3f9.dll"	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E03C23BD-35B7-49C2-BBCA-6D8CEC2507E3}\InprocServer32\ThreadingModel = "Apartment"	rundll32.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2648	rundll32.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2652 wrote to memory of 2648	2652	rundll32.exe	28
PID 2648 wrote to memory of 1316	2648	rundll32.exe	22

memory/1316-3-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/2648-1-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download
memory/2648-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download
memory/2648-2-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download