0c5bcb0b4d6bfd22cf5eb04c3000c41e9f95d504aae37876388ba636b7b79d7f

Analysis

max time kernel
135s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:40

Target

036a4ac61dc258ca30318a61e370dd2d.dll
Size

136KB
MD5

036a4ac61dc258ca30318a61e370dd2d
SHA1

e368dc8f7258f135587e9889d6c4ae5849fd0b9f
SHA256

0c5bcb0b4d6bfd22cf5eb04c3000c41e9f95d504aae37876388ba636b7b79d7f
SHA512

b7c857f109d07bdf14ca009f2bb6064c210d69dd4eeb1d74ba7dc02a0ef7cb17ec761294ce3163487adb5baddb9b5571dc2298ac68f12972e649e6e2851565a9
SSDEEP

3072:cA437PqsWtxW6qzfRaGIrA29aSdjhZpsJ2B8QJteCR:cAq7PWW5zJb29ftrpLPJteo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 3836	540	regsvr32.exe	14
PID 540 wrote to memory of 3836	540	regsvr32.exe	14
PID 540 wrote to memory of 3836	540	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\036a4ac61dc258ca30318a61e370dd2d.dll
1⤵
PID:3836

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\036a4ac61dc258ca30318a61e370dd2d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:540