a6953b0517db5a83098942dac320834d025a17f15e45aa07248840a42ef7257a

Analysis

max time kernel
140s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 12:06

Target

BWContextHandler.dll
Size

52KB
MD5

4136eac275c8031d8da954fb871e274a
SHA1

e09427f7dd9be1df7533bfe077ce81cf0fabb344
SHA256

a6953b0517db5a83098942dac320834d025a17f15e45aa07248840a42ef7257a
SHA512

1fb859f4a4e535c15d245bdf51c87d7f17f8fc529d304e2ba41e78a8238aea5286465b36266084d3a55a6851e4c393d58c2a5de1438cae58b064574da4d8fd3b
SSDEEP

768:Pw4P1/gDMB33F5OBtj2yPgz79up1UsHqyOFwtJgDJ3AaHeX86tT58n:P1P1IABl5OjKyZUsHqyywtJgFw986tT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 312 wrote to memory of 3952	312	regsvr32.exe	83
PID 312 wrote to memory of 3952	312	regsvr32.exe	83
PID 312 wrote to memory of 3952	312	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\BWContextHandler.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:312
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\BWContextHandler.dll
  2⤵
  PID:3952