e093bd43bf4c7073115bb7e72f425be58b89e964e9befeea76b98e8d24df2afb

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 13:50

Target

7373c92c1d8c16b26c0947e8d3838843.dll
Size

257KB
MD5

7373c92c1d8c16b26c0947e8d3838843
SHA1

f2b87d8f4f670e7eda8c07fb87c5ea621f715eeb
SHA256

e093bd43bf4c7073115bb7e72f425be58b89e964e9befeea76b98e8d24df2afb
SHA512

99fcdd21d9223d169039bd580f7744475981909ee1e818e3ee49fbfd39fc886f55df6eec98c6648cf469c25c29cfde8f7f94da40197f26a10dc5783da88764b1
SSDEEP

3072:iMaeAVJm+heAjWG9wM9Ublk4H99mQko0yZsxLAen34LwhefHXbVa19FCF7C/OAOo:naeAVJm+AAjWykN9nM8UOAODkL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 4276	1052	regsvr32.exe	17
PID 1052 wrote to memory of 4276	1052	regsvr32.exe	17
PID 1052 wrote to memory of 4276	1052	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7373c92c1d8c16b26c0947e8d3838843.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7373c92c1d8c16b26c0947e8d3838843.dll
  2⤵
  PID:4276