c5958711c87358d92b505eda53dd9f167ac6dcbc0e509b34cbf1c69e2768f46e

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2023, 12:50

Target

Setup_Loader v2.1/PhotoViewer.dll
Size

1.5MB
MD5

97373cb137a028d459928d63fa8fe45d
SHA1

f2d665a800d7e8fd61c9405bbcadcf77b08e84e0
SHA256

450edab43e39086f4921f85802fd7142064a207d666457221cc794e6e4379b54
SHA512

44e172cdeae581092db40d998e30889450dcd88af127c386da894a5ce79ea5987baa6cf63c48b8540eb97e779b59117b3bc394643bc233c5fbf97f572a88ab82
SSDEEP

24576:GAOnAn6jmVMD58MyV3iFeKNC1HYJtyeyvM0W7439KQ9l2oWIoWIoW:SA1V+5ZVaW743YQ99WRWRW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 3296	1392	regsvr32.exe	59
PID 1392 wrote to memory of 3296	1392	regsvr32.exe	59
PID 1392 wrote to memory of 3296	1392	regsvr32.exe	59

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Setup_Loader v2.1\PhotoViewer.dll"
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\regsvr32.exe
  /s "C:\Users\Admin\AppData\Local\Temp\Setup_Loader v2.1\PhotoViewer.dll"
  2⤵
  PID:3296