e2fe45cfa370c5c725caa2ae4b64b86391b597f1c6cb5fa3feb88a6563443072

Analysis

max time kernel
92s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 16:06

Target

89f29a5d849116e811c5f3092e4f5106.exe
Size

320KB
MD5

89f29a5d849116e811c5f3092e4f5106
SHA1

0a65c21979036731f15aaef1baf4e2c6b717a502
SHA256

e2fe45cfa370c5c725caa2ae4b64b86391b597f1c6cb5fa3feb88a6563443072
SHA512

85881fcc667ec71919eedeed641234450415a33f4f6a9b4952a86dc011778cc8491a852724431e0ed786e434d6bef7f80ae6fd43dfcd9c19ef9198a171cd757b
SSDEEP

6144:/Ecyx+VQN0MS0neh84U6RGHJhruKTgpsAKo4LfVV6/r0C26A+lQffrW:/EHxKIn884h4JhruK8p+oWVar0J6A+Ga

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 60	4412	regsvr32.exe	84
PID 4412 wrote to memory of 60	4412	regsvr32.exe	84
PID 4412 wrote to memory of 60	4412	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\89f29a5d849116e811c5f3092e4f5106.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\89f29a5d849116e811c5f3092e4f5106.exe
  2⤵
  PID:60