49cfe94da4521577cbf2daac1ca01bc05cbaf29ff0cd3f978a2658294b11e599

Resubmissions

06/04/2023, 23:01

13/03/2023, 10:25

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
13/03/2023, 10:25

Target

ba0f7d3caed95ad38d801667520ea0beed0744d8aca7d3cf896a5239dc983d03.dll
Size

289.8MB
MD5

0887e398eceda40064ee01f6cc6e9424
SHA1

45869d15d9624dadaa9352ef5191a870d1a413de
SHA256

ba0f7d3caed95ad38d801667520ea0beed0744d8aca7d3cf896a5239dc983d03
SHA512

0d8fcfe7ea1d480f11a25ce21969f520d15e306ea85acdbd2e01a692659d63368b2d005fa0ee19c1ae31173f4a2c61ead13718021c38580ec14c429acce0473f
SSDEEP

196608:TQO9U+pMkEO6Tr5NUR4ureIXH5yJ7nxkYuQPP3r7DbGF/UALgV:T/sO6Tr5NUR4ureIXYjTuQPPy/UQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 1504	2912	regsvr32.exe	85
PID 2912 wrote to memory of 1504	2912	regsvr32.exe	85
PID 2912 wrote to memory of 1504	2912	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ba0f7d3caed95ad38d801667520ea0beed0744d8aca7d3cf896a5239dc983d03.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ba0f7d3caed95ad38d801667520ea0beed0744d8aca7d3cf896a5239dc983d03.dll
  2⤵
  PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 1504 -ip 1504
1⤵
PID:1528

memory/1504-133-0x0000000002D30000-0x0000000003D30000-memory.dmp

Filesize
16.0MB

Download