f00d2a18a015a2f51cbe46d7e1e42284c97b957ad3538ad695a96e373bc83473

Analysis

max time kernel
92s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 14:13

Target

000b33ffacd34fa0a9f40d2adf45adde.dll
Size

17KB
MD5

000b33ffacd34fa0a9f40d2adf45adde
SHA1

41ce4cb26af4978eb858701e26b6ee43fd3ac33c
SHA256

f00d2a18a015a2f51cbe46d7e1e42284c97b957ad3538ad695a96e373bc83473
SHA512

61bc746b07474da50fb8bd4ed9d112c2b07ce4193c52d6166cace9575936511b259b0b14907b5b3195d14f001fcebb657cd82c3f2794549f1f9d6fcb534f69ff
SSDEEP

384:AWWTEcWtPJVlYJ124M5LOFdWqdmxFWD0c6kx93/IMd0LhaG:rXP3OJuypm+05Q9vIMd0l

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 1644	2136	regsvr32.exe	17
PID 2136 wrote to memory of 1644	2136	regsvr32.exe	17
PID 2136 wrote to memory of 1644	2136	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\000b33ffacd34fa0a9f40d2adf45adde.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\000b33ffacd34fa0a9f40d2adf45adde.dll
  2⤵
  PID:1644

memory/1644-0-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download