f91047dc723031433ee854f5cbf6041b8af80669d6ebfbd210496826ed05eb0e

Analysis

max time kernel
95s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 07:54

Target

mscoree.dll
Size

780KB
MD5

2afdab07eb32f2e44a4956a80f9a1808
SHA1

d239de23e07f2816c4d08ed195a5f19004036fb4
SHA256

f91047dc723031433ee854f5cbf6041b8af80669d6ebfbd210496826ed05eb0e
SHA512

0480a298f7a01234cbaf8ba26835eb1e40cc381fd6b9db871d3a2865b2bdd58e99323d3769f8b9bfe08e311d295bc098fa5665cd6147a2959ff874050a6c3d5e
SSDEEP

12288:YwYGwVlv+Qq+HYS0WMb4iO2TJ4OlE3NVAHBYBl9joDznW:Yw1wz7qYPW0ipNlsYBkjg

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 64	4968	regsvr32.exe	91
PID 4968 wrote to memory of 64	4968	regsvr32.exe	91
PID 4968 wrote to memory of 64	4968	regsvr32.exe	91
PID 4968 wrote to memory of 64	4968	regsvr32.exe	91
PID 4968 wrote to memory of 64	4968	regsvr32.exe	91
PID 4968 wrote to memory of 64	4968	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\mscoree.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\system32\RuntimeBroker.exe
  RuntimeBroker.exe
  2⤵
  PID:64

memory/64-5-0x00000197863A0000-0x00000197863A1000-memory.dmp

Filesize
4KB

Download
memory/64-4-0x0000019786390000-0x0000019786391000-memory.dmp

Filesize
4KB

Download
memory/64-6-0x00007FFE6B62D000-0x00007FFE6B62E000-memory.dmp

Filesize
4KB

Download
memory/4968-0-0x000000006E900000-0x000000006E9E1000-memory.dmp

Filesize
900KB

Download
memory/4968-1-0x000000006E900000-0x000000006E9E1000-memory.dmp

Filesize
900KB

Download
memory/4968-2-0x000000006E900000-0x000000006E9E1000-memory.dmp

Filesize
900KB

Download
memory/4968-7-0x000000006E900000-0x000000006E9E1000-memory.dmp

Filesize
900KB

Download
memory/4968-8-0x000000006E900000-0x000000006E9E1000-memory.dmp

Filesize
900KB

Download