7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 01:25

Target

7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a.dll
Size

24KB
MD5

2671d6be0ffbd9a25416ae575502a529
SHA1

f1afc35e9c22c348116037d24949099cc55397f9
SHA256

7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a
SHA512

07e0a8f163874224d6981614e06970e8eb8b453952ae07ef118c222c1f96b844c934d51eef3058377a331b2f3a9658c11d28885b5c146c391c793b12638b1417
SSDEEP

192:Ho7irdwgJUdvrVmUh0KTb+NWkugbcl2YPg:HoA9sh0LNUf2YP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2456 wrote to memory of 5104	2456	regsvr32.exe	regsvr32.exe
PID 2456 wrote to memory of 5104	2456	regsvr32.exe	regsvr32.exe
PID 2456 wrote to memory of 5104	2456	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7558d71491be53831fb03b669c939483ca0ca2f78fcbcd21b776a65fd52c1d6a.dll
  2⤵
  PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=3060,i,1774866140584649235,8085848018931772189,262144 --variations-seed-version /prefetch:8
1⤵
PID:4336