bbcda2b2c880629a86ed1aa755115da75993b31131cd1e5e94c58a13ee89cf5d

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 16:07

Target

bc3afdd8110b9aef35deb4627379238a.dll
Size

44KB
MD5

bc3afdd8110b9aef35deb4627379238a
SHA1

fe2f87190be7477aba2664b01989628ed90e1146
SHA256

bbcda2b2c880629a86ed1aa755115da75993b31131cd1e5e94c58a13ee89cf5d
SHA512

b3f5d75c7d48653f7e4927ea938f4b62f2292e1b36648a3e67d301b6902a90705e30974a6f7128376ee46d5705db2d986a14c824369c4a389e8bf78a2de6a66b
SSDEEP

768:6XoLXIdhVxKpkavVyDwfraEGqdWZt2GVry0csDDgLa1h:V+xZvW6byra8La

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2348	Rundll32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2172 wrote to memory of 2200	2172	regsvr32.exe	28
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29
PID 2200 wrote to memory of 2348	2200	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bc3afdd8110b9aef35deb4627379238a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bc3afdd8110b9aef35deb4627379238a.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc3afdd8110b9aef35deb4627379238a.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2348