db4a69d1044ffdc2b2ca8ae5a55e88f3fb02442ec57e9091c436aeea347e1e84

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2023 04:37

Target

db4a69d1044ffdc2b2ca8ae5a55e88f3fb02442ec57e9091c436aeea347e1e84.dll
Size

2.5MB
MD5

147b2a648c3b7491b37bc87a460778bb
SHA1

99c8e2f348f79dd27105d42bc682883e704fd286
SHA256

db4a69d1044ffdc2b2ca8ae5a55e88f3fb02442ec57e9091c436aeea347e1e84
SHA512

9ad8a5bf00f6131405a344ec485413ab43361fe860b33836a203964bb996eac1c66b6e22effec106fdd9e044e885b43a781b76d2a463537fa439bb310ebe8bd4
SSDEEP

49152:FHqfB85pSZSSUcZjGJS/yxvqJz7cMVCesuiiNjL3tbCt2:QfBspASSUcZjvyxSzgGHDFm2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 460 wrote to memory of 1260	460	regsvr32.exe	81
PID 460 wrote to memory of 1260	460	regsvr32.exe	81
PID 460 wrote to memory of 1260	460	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\db4a69d1044ffdc2b2ca8ae5a55e88f3fb02442ec57e9091c436aeea347e1e84.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:460
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\db4a69d1044ffdc2b2ca8ae5a55e88f3fb02442ec57e9091c436aeea347e1e84.dll
  2⤵
  PID:1260