213dbc3d61ff43172a5d59badffd89212d7a078f980c3dd8eda94dba8b3c4abf

Analysis

max time kernel
152s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 21:39

Target

04a867e4114121609f1ac6130d38bc28.dll
Size

32KB
MD5

04a867e4114121609f1ac6130d38bc28
SHA1

ab67b41697a766472cdd45f7d3ee3ec062f82efe
SHA256

213dbc3d61ff43172a5d59badffd89212d7a078f980c3dd8eda94dba8b3c4abf
SHA512

c0555bf66ae058c2c212a69c113562a61e1f74eb0eaf5219e2e8b7d7e6f244224a427ae6871462ed026f1128c4bddbdcecff917dea9960965669124384aa62c1
SSDEEP

384:lNNe06t9hcln52yq42zX/Z9TlRZd+w3EqipIGdGDBVBss23DCxp8UWHi72k:BeP9hACLPqEEqiVWBh2zCcU2M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 3584	2372	regsvr32.exe	91
PID 2372 wrote to memory of 3584	2372	regsvr32.exe	91
PID 2372 wrote to memory of 3584	2372	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\04a867e4114121609f1ac6130d38bc28.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\04a867e4114121609f1ac6130d38bc28.dll
  2⤵
  PID:3584