c265303eeb1a8301c503d33e3c7b82b70a4bcdaefe2fae64a6da37f0e7e54ad1

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:39

Target

4a00412d6cd2fc53efc854959816917c.dll
Size

116KB
MD5

4a00412d6cd2fc53efc854959816917c
SHA1

304450d58adc182fcb0019e960c04e3c4cc82be7
SHA256

c265303eeb1a8301c503d33e3c7b82b70a4bcdaefe2fae64a6da37f0e7e54ad1
SHA512

efba2a6047fd0a2aa66956191696f378fab4cc0faec9c7eb567463c9f4c8dbb8a263b47c9ff13d1350aba51dd843cc7bf7238fccf4ebeb4f1e7077223885fd3b
SSDEEP

768:R8y1quQCFIxJ9WKdjbGqrpgGu9VBUKsZz35ySMrKYJvDpJjJfVutSDr3vBgI6t57:R71quQpzhdtCVa5yxrKs1JjVX3vBbkJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1956	3368	regsvr32.exe	88
PID 3368 wrote to memory of 1956	3368	regsvr32.exe	88
PID 3368 wrote to memory of 1956	3368	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4a00412d6cd2fc53efc854959816917c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4a00412d6cd2fc53efc854959816917c.dll
  2⤵
  PID:1956

memory/1956-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download