26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968

Analysis

max time kernel
39s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
25/11/2022, 18:47

Target

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll
Size

1.6MB
MD5

6608a59828021526d2ed539fa4010263
SHA1

9362b621da77d4f7f3c3e0077e2c7cf65c057eea
SHA256

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968
SHA512

80edc4a58ec3ea5ec7da0a73c31ef4256c15186d1df797a76c48e1e748501fd58e9944abd75f4291b0c6bc3a13a9d685d77157652a0cf4f533e82cae4c83321f
SSDEEP

49152:Chs/UjXWnglxc4iphRLXBkxgdvYr968/ZcU1tU:wpjXWngjc4ip/LXBkxIvYR6lF

Score

1^/10

Modifies registry class 2 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ppstreamlive3\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ppstreamlive3	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28
PID 1328 wrote to memory of 460	1328	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll
  2⤵
  - Modifies registry class
  PID:460

memory/460-56-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download
memory/1328-54-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmp

Filesize
8KB

Download