2d593e358d2926dc44e027af862ddf5e71e2b389ce0df6a013d66fdaf711a3f9

Analysis

max time kernel
139s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30/06/2024, 20:03

Target

2d593e358d2926dc44e027af862ddf5e71e2b389ce0df6a013d66fdaf711a3f9.dll
Size

507KB
MD5

6be57801edfb0da58ffd32ad15bbf35d
SHA1

842c53b9fe521935d8149780fc3ac73842f6247b
SHA256

2d593e358d2926dc44e027af862ddf5e71e2b389ce0df6a013d66fdaf711a3f9
SHA512

cd3f47a5de6ae7e4bb3ad76ee0b2ff954c94cdd310d56b3b44f0b1875b1807fd327bd89ae681513acd975cffdbf58b53ebcf6b813af6e2ea887769f07e101695
SSDEEP

12288:8MrGgLywtTDEEUfILrI29r26nj23sbCu:8ZyywtT4EUgLrVnjSsb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 5048	1964	regsvr32.exe	91
PID 1964 wrote to memory of 5048	1964	regsvr32.exe	91
PID 1964 wrote to memory of 5048	1964	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d593e358d2926dc44e027af862ddf5e71e2b389ce0df6a013d66fdaf711a3f9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d593e358d2926dc44e027af862ddf5e71e2b389ce0df6a013d66fdaf711a3f9.dll
  2⤵
  PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:3336