ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 01:53

Target

ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1.dll
Size

1.1MB
MD5

de9b08a9fc03da4fd18e7a9e092b94e7
SHA1

71c7f2786c814501aac584f1a25522048000e028
SHA256

ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1
SHA512

123a51916d40d94b80ab780606cc76f140b43d6f6f28887d2c3a9623238afe900a42af19e0bf63cb39689d2f722dd0e33c48090e211cda76cf45dce0e2c5291d
SSDEEP

24576:92LOpzLN0qbGUs44T6I9l7VhcVCXfTFDNPo5R4hMmM:kO0qD4TZLXfThGvmM

Score

1^/10

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{772B0123-E78E-4E67-94B7-354553832249}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{772B0123-E78E-4E67-94B7-354553832249}\DllSurrogate	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000000-0000-0000-0000-000000000000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\AppID = "{772B0123-E78E-4E67-94B7-354553832249}"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{772B0123-E78E-4E67-94B7-354553832249}	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 2432	1780	regsvr32.exe	91
PID 1780 wrote to memory of 2432	1780	regsvr32.exe	91
PID 1780 wrote to memory of 2432	1780	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ee07b8eccf95700dff7970d9f7df5858f7eb1da3e4652f03164326403e1d2dd1.dll
  2⤵
  - Modifies registry class
  PID:2432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=2264,i,1475924722205134884,16549311107360026087,262144 --variations-seed-version /prefetch:8
1⤵
PID:3924