20fc8896f4b21e626e6994fe93df34197f6ee54efafcaa241d1a794f3e83cb62

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/02/2024, 13:04

Target

2k3activator/Antiwpa-V3.4.6 for X64 and X86/X86/antiwpa.dll
Size

5KB
MD5

98c332990684cd9f113fbd495841c6fa
SHA1

b42d4f6996759cd5ec6b5de89f1ef1f3a40e7084
SHA256

ef09a3c84e4d30dd8e2bca084fc88f45bd79c0c83cf55651f80a03e44298a8bc
SHA512

27bd3efcb149e1870cf289ae882c15e8d90cb5dca5c5e02d0f570a94331c97e0faacdcd1f8b15f140cefe54dc71f3b4f15a20362f9704a978ea966990e6ef3ec
SSDEEP

96:gG0jvnMoBDvCCslvtdhEArE/1pQxkpulLFjiyDXijoQRfAXMq:gG0jvnXBmCslNxrE/1pQxk+ZjiyDXiUR

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\antiwpa.dll	regsvr32.exe
File created	C:\Windows\SysWOW64\antiwpa.dll	regsvr32.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 2968 wrote to memory of 1976	2968	regsvr32.exe	28
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29
PID 1976 wrote to memory of 2848	1976	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\2k3activator\Antiwpa-V3.4.6 for X64 and X86\X86\antiwpa.dll"
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\regsvr32.exe
  /s "C:\Users\Admin\AppData\Local\Temp\2k3activator\Antiwpa-V3.4.6 for X64 and X86\X86\antiwpa.dll"
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1976
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
    3⤵
    PID:2848

memory/1976-0-0x0000000005000000-0x0000000005002000-memory.dmp

Filesize
8KB

Download