c63301c1c3ce784cd1eb0fee94f4a1a0388935629c4daf7f4e79965a606d5c0f

Analysis

max time kernel
95s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 12:50

Target

1fcd9982594651ae7a8f6de56220cdd5.dll
Size

272KB
MD5

1fcd9982594651ae7a8f6de56220cdd5
SHA1

fc6dcda601d5caea0401a1157dbd767ae87cb682
SHA256

c63301c1c3ce784cd1eb0fee94f4a1a0388935629c4daf7f4e79965a606d5c0f
SHA512

49df9ad300ce64d9e5aec3442bddb13e19ece3a3ada83615f2075324142e216f5ab65f8e27b2a3f88edc147d48003da181a394e08adc0791ad807108df158c9e
SSDEEP

6144:NwOQyGQyGQyGQyGQyGQyGQyGQyGQyGQybdElkAolkAolkAolkAolkAolkAolkAoF:1ooooooooormkAqkAqkAqkAqkAqkAqkX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1956	2920	regsvr32.exe	43
PID 2920 wrote to memory of 1956	2920	regsvr32.exe	43
PID 2920 wrote to memory of 1956	2920	regsvr32.exe	43

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1fcd9982594651ae7a8f6de56220cdd5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1fcd9982594651ae7a8f6de56220cdd5.dll
  2⤵
  PID:1956

memory/1956-0-0x0000000000010000-0x0000000000027000-memory.dmp

Filesize
92KB

Download