b9d9bbe270d741c6510c0938991a5c03a01c24dce24bca4d45ffb2b2da65b0f9

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 17:09

Target

b9d9bbe270d741c6510c0938991a5c03a01c24dce24bca4d45ffb2b2da65b0f9.dll
Size

523KB
MD5

0c75dc8428d38c3459874a6422ef2eef
SHA1

aa4f8bb920e96452a3db8f35a46ced5de87dd268
SHA256

b9d9bbe270d741c6510c0938991a5c03a01c24dce24bca4d45ffb2b2da65b0f9
SHA512

4787f4231108e5123bb04708bea3155d10f944a6d91ead2dd69ecfe0b5d25f1eed413d08f73437c8c1756f3ef7b9f23da18e81163acd5b17a14c6dccbfd07986
SSDEEP

6144:o90MkQVDS18OKIGSi0m7c7XieWQJHYzICrPeJYvB:BMkQ548DIrmMyD8YJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 2148	3572	regsvr32.exe	85
PID 3572 wrote to memory of 2148	3572	regsvr32.exe	85
PID 3572 wrote to memory of 2148	3572	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b9d9bbe270d741c6510c0938991a5c03a01c24dce24bca4d45ffb2b2da65b0f9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3572
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b9d9bbe270d741c6510c0938991a5c03a01c24dce24bca4d45ffb2b2da65b0f9.dll
  2⤵
  PID:2148