e28ebb5314382c4299126ae49fe9b8ecb5e24681635de9c138fb4db2020430e6

Analysis

max time kernel
148s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 05:27

Target

e28ebb5314382c4299126ae49fe9b8ecb5e24681635de9c138fb4db2020430e6.dll
Size

2.4MB
MD5

5cff2b2b2c0170352c0771f9b6845cd1
SHA1

b3a99ce8ddb3e8526ff5772e5bc0821af5633cc1
SHA256

e28ebb5314382c4299126ae49fe9b8ecb5e24681635de9c138fb4db2020430e6
SHA512

5391afb463ea7b0f2970455741c535eafc3502406e0a7923b21c62d40767744845b0d6db74a556249d8b9ff81eb764039ceef8229c00e5017d51896869a08336
SSDEEP

49152:BDV9zKCm3THiaMBlGJQHyacLlIsniSka3yDcXv7XTDnMRlDw2gwr1:Bh9zlOjxt2sdXfuDWwr1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2356	2896	regsvr32.exe	83
PID 2896 wrote to memory of 2356	2896	regsvr32.exe	83
PID 2896 wrote to memory of 2356	2896	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e28ebb5314382c4299126ae49fe9b8ecb5e24681635de9c138fb4db2020430e6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e28ebb5314382c4299126ae49fe9b8ecb5e24681635de9c138fb4db2020430e6.dll
  2⤵
  PID:2356