f1bbcc5c678d174d858ae089f4494e3ea8bcfc418098d61804a15e437f08aff7

Resubmissions

03-07-2024 22:59

03-07-2024 16:13

03-07-2024 16:11

10-05-2024 16:25

24-08-2023 11:16

05-08-2023 22:52

max time kernel
1785s
max time network
1804s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
03-07-2024 16:13

Target

95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
Size

260KB
MD5

9e9719483cc24dc0ab94b31f76981f42
SHA1

dad2cbcedfa94a2d2f0fde521d6f57a094d7c85b
SHA256

95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9
SHA512

83cff2d55df7d40aea1357515cc673792b367718e57624a2eedd531fd51c49ff165e5e69065efa09148d550644ea1106f54dea35aaadcebaa9ed911532c44309
SSDEEP

6144:HP2sOvpPfQUH6+SqpcH1lH0CIuK8AWaULcka:HPXOv9RH6fEcH1h0vuLNyk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3920 wrote to memory of 3460	3920	regsvr32.exe	regsvr32.exe
PID 3920 wrote to memory of 3460	3920	regsvr32.exe	regsvr32.exe
PID 3920 wrote to memory of 3460	3920	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3920

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\95560f1a465e8ba87a73f8e60a6657545073d55c3b5cfc2ffdaf3d69d46afcf9.dll
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4428,i,17325488789339133686,9539570259395798500,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:8
1⤵
PID:2152