b0272b51ed6989c9b15e9fffb18d38df6af13bba4a84105e80101add69bd985b

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 00:59

Target

b0272b51ed6989c9b15e9fffb18d38df6af13bba4a84105e80101add69bd985b.dll
Size

3.2MB
MD5

694970ac09ce37ae89b36c43a8a19e4a
SHA1

e8490dba294c82cf56b3dcc00916556662500cc4
SHA256

b0272b51ed6989c9b15e9fffb18d38df6af13bba4a84105e80101add69bd985b
SHA512

5fe5dd6e8c93ffcc4e8f0bde6cf7a223562db4c0d975e62f99b4f06d2862078d5291d57d4ebc25c247d15ca15b5c1dc028be6802125162665d2692c5327565dd
SSDEEP

49152:9cCSApVUC4Tpim51Zf4qTB6t+ueomsXdgzWlg0t9mvk6ND8zcfsZm9W6lrEYvXEZ:9XSA8Tp551ljUtGZFPij

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 220	4216	regsvr32.exe	83
PID 4216 wrote to memory of 220	4216	regsvr32.exe	83
PID 4216 wrote to memory of 220	4216	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b0272b51ed6989c9b15e9fffb18d38df6af13bba4a84105e80101add69bd985b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b0272b51ed6989c9b15e9fffb18d38df6af13bba4a84105e80101add69bd985b.dll
  2⤵
  PID:220