d3a5f0eba7b09c1ff72ee923cecaa2a094dff13e7b26fabc51d365a9c22023db

Analysis

max time kernel
140s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 02:15

Target

4c0410a7897c9d21f4635f676d85d1ae.dll
Size

124KB
MD5

4c0410a7897c9d21f4635f676d85d1ae
SHA1

95bbef1f38e2e133c9d053b0d0283e0b60779852
SHA256

d3a5f0eba7b09c1ff72ee923cecaa2a094dff13e7b26fabc51d365a9c22023db
SHA512

c1c47d2a4bab7b6c211fc3b541dc16d25dab9110b315b42e27396decf93a31d08adb6eb3f763c0862a3945350c63dab932b462350cf3a431125e3b601e5363de
SSDEEP

768:QCOqlQuGf0eYX0ux/bjNub/viZZ9L7uZQ5a0c8fQfLLSXkYUcvUkRe6U/nKn2may:XOqlQKBX0uxPA03/5Hc8fA20MzLU/8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 4564	4560	regsvr32.exe	87
PID 4560 wrote to memory of 4564	4560	regsvr32.exe	87
PID 4560 wrote to memory of 4564	4560	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4c0410a7897c9d21f4635f676d85d1ae.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4c0410a7897c9d21f4635f676d85d1ae.dll
  2⤵
  PID:4564

memory/4564-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download