16cb7cb8fb9555f122ea00dc3ecb5371e580c504532be71a41c63891ef3bf491

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 19:00

Target

16cb7cb8fb9555f122ea00dc3ecb5371e580c504532be71a41c63891ef3bf491.dll
Size

1.1MB
MD5

d61de973554e5ae4b6690275a6b7eb61
SHA1

c3cb298671af2fca04e17326cb3a624b29baae21
SHA256

16cb7cb8fb9555f122ea00dc3ecb5371e580c504532be71a41c63891ef3bf491
SHA512

31944b6bf3c81f66e47f88079b672e94c920406c9b40ed3632758fc1b7eae1e95738c9b9495a25b197463ca64615a80d808ddb9f00be0f623081db6ab0f9fd95
SSDEEP

24576:0LUoVJwLfpm9GbPYl5IguaHbX6HMfPoc7Qt/lCSYgfvRaxOpVo:Xfppk5zf7QtdrRa4Vo

Score

1^/10

Modifies registry class 9 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ThreadingModel = "Both"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A790E6-AD8E-452B-B6B0-80373F47D87A}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A790E6-AD8E-452B-B6B0-80373F47D87A}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\16cb7cb8fb9555f122ea00dc3ecb5371e580c504532be71a41c63891ef3bf491.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{59A790E6-AD8E-452B-B6B0-80373F47D87A}\DllSurrogate	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\AppID = "{59A790E6-AD8E-452B-B6B0-80373F47D87A}"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28
PID 2004 wrote to memory of 2072	2004	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\16cb7cb8fb9555f122ea00dc3ecb5371e580c504532be71a41c63891ef3bf491.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\16cb7cb8fb9555f122ea00dc3ecb5371e580c504532be71a41c63891ef3bf491.dll
  2⤵
  - Modifies registry class
  PID:2072