36ce1abbfd9a4bbc48727a514181bcbd7823271a6aca7709da006b3e60b4d46e

Analysis

max time kernel
1s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:10

Target

2832721e3caa506e388c363a42c6afab.dll
Size

527KB
MD5

2832721e3caa506e388c363a42c6afab
SHA1

e6f42bb71c158dd695c62879db3b65a97da07e46
SHA256

36ce1abbfd9a4bbc48727a514181bcbd7823271a6aca7709da006b3e60b4d46e
SHA512

ae5badac254fbde4211a9f9c925e5f00f440f699ccc2aba257c47e7235eb376699ed0e006f889234e62569ef376f09a8e709c28801fe84f6dbdfe8f0779a01d2
SSDEEP

12288:yak5GVZ51sBLbLLSTb8/KU0GSq5XCBMtITE9T8Ddzs:yak5GVGBbLLSTo/K4SsSBzndzs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 3132	396	regsvr32.exe	17
PID 396 wrote to memory of 3132	396	regsvr32.exe	17
PID 396 wrote to memory of 3132	396	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2832721e3caa506e388c363a42c6afab.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2832721e3caa506e388c363a42c6afab.dll
  2⤵
  PID:3132

memory/3132-0-0x0000000010000000-0x00000000100D4000-memory.dmp

Filesize
848KB

Download
memory/3132-2-0x0000000010000000-0x00000000100D4000-memory.dmp

Filesize
848KB

Download
memory/3132-1-0x0000000001160000-0x0000000001161000-memory.dmp

Filesize
4KB

Download