3c1102a0b253475bc2c94ef0289a88719056b21b3cffbdf1b2499471c859114f

Analysis

max time kernel
162s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:50

Target

078c6a390c7271340b9835f8165f46ac.dll
Size

84KB
MD5

078c6a390c7271340b9835f8165f46ac
SHA1

3cb2787f7c2fd7ea94f1b1e8e9d9a6bd8306be3c
SHA256

3c1102a0b253475bc2c94ef0289a88719056b21b3cffbdf1b2499471c859114f
SHA512

b029679009cfe67e8d3fdb80a61798c22f29139022ff7078f057b5ff471252b38af9c84c2005e116f5cfe69be1cd4bce591f79f3e070f314250d8111337b9af2
SSDEEP

1536:00UXSfNkx2UUtkSLgFRw1YNpLYeYYOLMCbxOlXXq4H8udVKCZGkOLMC:03WKMyyAvQPbElX64H8udV3GkQP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4628	4924	regsvr32.exe	28
PID 4924 wrote to memory of 4628	4924	regsvr32.exe	28
PID 4924 wrote to memory of 4628	4924	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\078c6a390c7271340b9835f8165f46ac.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\078c6a390c7271340b9835f8165f46ac.dll
  2⤵
  PID:4628

memory/4628-0-0x0000000010000000-0x000000001002E000-memory.dmp

Filesize
184KB

Download