20fc8896f4b21e626e6994fe93df34197f6ee54efafcaa241d1a794f3e83cb62

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 13:04

Target

2k3activator/Antiwpa-V3.4.6 for X64 and X86/X86/antiwpa.dll
Size

5KB
MD5

98c332990684cd9f113fbd495841c6fa
SHA1

b42d4f6996759cd5ec6b5de89f1ef1f3a40e7084
SHA256

ef09a3c84e4d30dd8e2bca084fc88f45bd79c0c83cf55651f80a03e44298a8bc
SHA512

27bd3efcb149e1870cf289ae882c15e8d90cb5dca5c5e02d0f570a94331c97e0faacdcd1f8b15f140cefe54dc71f3b4f15a20362f9704a978ea966990e6ef3ec
SSDEEP

96:gG0jvnMoBDvCCslvtdhEArE/1pQxkpulLFjiyDXijoQRfAXMq:gG0jvnXBmCslNxrE/1pQxk+ZjiyDXiUR

Score

5^/10

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\antiwpa.dll	regsvr32.exe
File opened for modification	C:\Windows\SysWOW64\antiwpa.dll	regsvr32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 4848	4944	regsvr32.exe	84
PID 4944 wrote to memory of 4848	4944	regsvr32.exe	84
PID 4944 wrote to memory of 4848	4944	regsvr32.exe	84
PID 4848 wrote to memory of 4544	4848	regsvr32.exe	85
PID 4848 wrote to memory of 4544	4848	regsvr32.exe	85
PID 4848 wrote to memory of 4544	4848	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\2k3activator\Antiwpa-V3.4.6 for X64 and X86\X86\antiwpa.dll"
1⤵
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Windows\SysWOW64\regsvr32.exe
  /s "C:\Users\Admin\AppData\Local\Temp\2k3activator\Antiwpa-V3.4.6 for X64 and X86\X86\antiwpa.dll"
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:4848
- - C:\Windows\SysWOW64\rundll32.exe
    "C:\Windows\System32\rundll32.exe" setupapi,InstallHinfSection DEL_OOBE_ACTIVATE 132 syssetup.inf
    3⤵
    PID:4544

memory/4848-0-0x0000000005000000-0x0000000005002000-memory.dmp

Filesize
8KB

Download
memory/4848-1-0x0000000005000000-0x0000000005002000-memory.dmp

Filesize
8KB

Download