970ac5fbe9f91dba7e085925fa78c28cc2165e965de37dee860cc0964f1c36de

Analysis

max time kernel
132s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:05

Target

InkEd.dll
Size

225KB
MD5

1865afac5d551e5cd89103158f048e52
SHA1

fa5c6a91c1c3160576682b73019c68cb80e8dd31
SHA256

970ac5fbe9f91dba7e085925fa78c28cc2165e965de37dee860cc0964f1c36de
SHA512

ded1133c6ab1d0c99497dddad481c144f73c3966784d1ca93038ea40ce2146ae2345d137712b2131cd65c9952d7cb99323ae53b2adc5e950ef60cb6bed72eb02
SSDEEP

3072:KhDvk7RwEMYOoXohD8ePL6AZEsYyzvtX4wvXnHNmjA50rGgEN6wiFr76rT6rgtqP:Kh8yEM8e21g692vQASr23zJYnbzoI2M

Score

1^/10

Modifies registry class 10 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4}	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8405D0DF-9FDD-4829-AEAD-8E2B0A18FEA4}\1.0\HELPDIR	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8405D0DF-9FDD-4829-AEAD-8E2B0A18FEA4}\1.0	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\InkEd.InkEdit\CLSID	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\InkEd.InkEdit	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{E5CA59F5-57C4-4DD8-9BD6-1DEEEDD27AF4}\ToolboxBitmap32	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{8405D0DF-9FDD-4829-AEAD-8E2B0A18FEA4}	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 2724	3424	regsvr32.exe	90
PID 3424 wrote to memory of 2724	3424	regsvr32.exe	90
PID 3424 wrote to memory of 2724	3424	regsvr32.exe	90

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\InkEd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\InkEd.dll
  2⤵
  - Modifies registry class
  PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4368,i,5047420736443372512,9747851268033796534,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:8
1⤵
PID:1180