6e17172318ef8283a3a609c036d84b259df5d1763da3faa3da0ee0c9e469ad68

Analysis

max time kernel
122s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2023, 00:19

Target

6e17172318ef8283a3a609c036d84b259df5d1763da3faa3da0ee0c9e469ad68.dll
Size

1.1MB
MD5

31a5f3f6f0d4256050dc364e268586da
SHA1

f19a1fd63428feedc445b031e1080abe8c41b337
SHA256

6e17172318ef8283a3a609c036d84b259df5d1763da3faa3da0ee0c9e469ad68
SHA512

caa37084b69a061e8daddbc36f52d9d4f27e51d6060b675a70004dff74daea422357dceeeb42a1e2d96e54c2912ae0a4e3f3590f560fcf91ed047799155fd0c4
SSDEEP

6144:pXAr8CZWDfbjX5vRgkrT7iaYEaAw6A5dUN7hFq27Gl0buvmLjzOYMdsraXd3Dx9b:p3X5plnOAil0yeLjzOXMY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 2052	4224	regsvr32.exe	83
PID 4224 wrote to memory of 2052	4224	regsvr32.exe	83
PID 4224 wrote to memory of 2052	4224	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6e17172318ef8283a3a609c036d84b259df5d1763da3faa3da0ee0c9e469ad68.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6e17172318ef8283a3a609c036d84b259df5d1763da3faa3da0ee0c9e469ad68.dll
  2⤵
  PID:2052