26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968

Analysis

max time kernel
156s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 18:47

Target

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll
Size

1.6MB
MD5

6608a59828021526d2ed539fa4010263
SHA1

9362b621da77d4f7f3c3e0077e2c7cf65c057eea
SHA256

26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968
SHA512

80edc4a58ec3ea5ec7da0a73c31ef4256c15186d1df797a76c48e1e748501fd58e9944abd75f4291b0c6bc3a13a9d685d77157652a0cf4f533e82cae4c83321f
SSDEEP

49152:Chs/UjXWnglxc4iphRLXBkxgdvYr968/ZcU1tU:wpjXWngjc4ip/LXBkxIvYR6lF

Score

1^/10

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ppstreamlive3	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ppstreamlive3\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll"	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 4912	2172	regsvr32.exe	84
PID 2172 wrote to memory of 4912	2172	regsvr32.exe	84
PID 2172 wrote to memory of 4912	2172	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\26f0d0ffa3795b3e8da444ce94df4f12a1a04267ef6a703a04bb293b02c84968.dll
  2⤵
  - Modifies registry class
  PID:4912