ee321479d2cb6af6df031ebf8efad9ae912919d736ea7144155ac3200d323722

Analysis

max time kernel
425s
max time network
427s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15/07/2024, 08:17

Target

typeduckt.dll
Size

1.1MB
MD5

6b8ad195d5f2f19dce8d09d2775f4586
SHA1

fbb4f51a463bc7a9aa3323c72f4718999c4c1180
SHA256

99ffa22bf42d0cd436a6bae5c9f775719796dbbfeca73751f3cc08a33e278e87
SHA512

a656a3db6ef20177f8514d2783067db8910eff230cc87864ef25138adb4e897c3d57f2b3bbacca28bb43fcb472667e1525fc74dfbb0ad5d7b58aa9c924fa7785
SSDEEP

12288:qQn6TmePOvTp1uxIYeb7g1KJ3SCWPSjAFWBqVSeDAgL1ch8Y4OOXq3zaDksuWVxI:8Tme2vTp1uYSPo34Ujnyy4RMcPpra5j

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{707A7206-99E0-474B-9281-15E9BF908EDC}\ = "TypeDuck"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{707A7206-99E0-474B-9281-15E9BF908EDC}\InprocServer32	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{707A7206-99E0-474B-9281-15E9BF908EDC}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\typeduckt.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{707A7206-99E0-474B-9281-15E9BF908EDC}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{707A7206-99E0-474B-9281-15E9BF908EDC}	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 2368	856	regsvr32.exe	82
PID 856 wrote to memory of 2368	856	regsvr32.exe	82
PID 856 wrote to memory of 2368	856	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\typeduckt.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\typeduckt.dll
  2⤵
  - Modifies registry class
  PID:2368