422f0a45c0de6f256f5ddd17a8573e39dfb97ac7aa2cd143d6b9539d023eb010

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 18:08

Target

ac84f5111a808443276a972b80d6757f.dll
Size

5KB
MD5

ac84f5111a808443276a972b80d6757f
SHA1

1af29edde88a9117dd36b6cbaa0f208b547b8802
SHA256

422f0a45c0de6f256f5ddd17a8573e39dfb97ac7aa2cd143d6b9539d023eb010
SHA512

ad8a68a492823505d81e5bd89c3ca0b7ec695678be90ab07c82f787c6f7b71b85bff524487fd5920081438c86c1133ff1665ab0265c510662c961cfa516df66a
SSDEEP

96:onDAxyBn3vXkiWcu/g2e+Z9txhLT/ft68Df3p1sg4mHM1GAe+KaIouHFmkgcwQwu:AlBn3fbG3T7txhLDb51TeGl+KaI1mkgG

Score

1^/10

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C36ECF8F-EAD9-44BD-8DD0-C4240A06F51C}\InprocServer32\ThreadingModel = "Apartment"	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C36ECF8F-EAD9-44BD-8DD0-C4240A06F51C}\InprocServer32	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	rundll32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C36ECF8F-EAD9-44BD-8DD0-C4240A06F51C}	rundll32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{C36ECF8F-EAD9-44BD-8DD0-C4240A06F51C}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ac84f5111a808443276a972b80d6757f.dll"	rundll32.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4996	rundll32.exe
4996	rundll32.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 4996	4836	rundll32.exe	57
PID 4836 wrote to memory of 4996	4836	rundll32.exe	57
PID 4836 wrote to memory of 4996	4836	rundll32.exe	57
PID 4996 wrote to memory of 3552	4996	rundll32.exe	50

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac84f5111a808443276a972b80d6757f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac84f5111a808443276a972b80d6757f.dll,#1
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4996

memory/4996-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download