Windows Analysis Report
dllhost.exe

Overview

General Information

Sample name:	dllhost.exe
Analysis ID:	1431562
MD5:	0a9ba6af531afe7fa5e4fb973852d863
SHA1:	5d0b0222b0f37a85d64b9283611e940313e21348
SHA256:	8a8116429189d631fc00596278c92a363ec734f0cde76f52c7456fdc9c56e384
Infos:

Detection

Score:	21
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

Sigma detected: System File Execution Location Anomaly

Program does not show much activity (idle)

Uses 32bit PE files

Classification

Signatures

Uses 32bit PE files

Source: dllhost.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source:

Binary string: dllhost.pdb source: dllhost.exe

Uses 32bit PE files

Source: dllhost.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: classification engine

Classification label: sus21.winEXE@1/0@0/0

Source: dllhost.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\dllhost.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\dllhost.exe

Section loaded: apphelp.dll

Jump to behavior

Source: dllhost.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Binary string: dllhost.pdb source: dllhost.exe

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

ID:	1431562
Product:	CloudBasic
Start time:	13:11:57
Start date:	25.04.2024
Sample:	dllhost.exe
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	0a9ba6af531afe7fa5e4fb973852d863
SHA1:	5d0b0222b0f37a85d64b9283611e940313e21348
SHA256:	8a8116429189d631fc00596278c92a363ec734f0cde76f52c7456fdc9c56e384
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
dllhost.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report dllhost.exe

Overview

General Information

Detection

Signatures

Classification

Signatures

Compliance

System Summary

Malware Analysis System Evasion

Anti Debugging

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
dllhost.exe