77c32810b571fc22d4f6d9e7fcb4331cc4ceeebdcbc60d7ff7a857e1563ec50c

Analysis

max time kernel
140s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 21:40

Target

77c32810b571fc22d4f6d9e7fcb4331cc4ceeebdcbc60d7ff7a857e1563ec50c.dll
Size

48KB
MD5

692f93481cbe7e06c0b26691541d6f17
SHA1

31d9fcee81e2b087dd178ab1b21270df91c56ba5
SHA256

77c32810b571fc22d4f6d9e7fcb4331cc4ceeebdcbc60d7ff7a857e1563ec50c
SHA512

245e055ee8a3602bf4e114452a8f459ebdb35649862511845d9ab74edb43f18a46f3da3e8d5d7ef4a2ed5f561b51303d3e5207ed8747239292f65e48d3ebdfcd
SSDEEP

768:dg+aquj/fMWW1mpyURCttfApLYTZvDG9Fg56NdgsjkO8Ss:faqC/fDWiHFFyx3ENdZkg

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2392	Rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2392	Rundll32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1408	1884	regsvr32.exe	92
PID 1884 wrote to memory of 1408	1884	regsvr32.exe	92
PID 1884 wrote to memory of 1408	1884	regsvr32.exe	92
PID 1408 wrote to memory of 2392	1408	regsvr32.exe	94
PID 1408 wrote to memory of 2392	1408	regsvr32.exe	94
PID 1408 wrote to memory of 2392	1408	regsvr32.exe	94

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\77c32810b571fc22d4f6d9e7fcb4331cc4ceeebdcbc60d7ff7a857e1563ec50c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\77c32810b571fc22d4f6d9e7fcb4331cc4ceeebdcbc60d7ff7a857e1563ec50c.dll
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Windows\SysWOW64\Rundll32.exe
    C:\Windows\system32\Rundll32.exe C:\Users\Admin\AppData\Local\Temp\77c32810b571fc22d4f6d9e7fcb4331cc4ceeebdcbc60d7ff7a857e1563ec50c.dll,DllUnregisterServer
    3⤵
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:2392