c8d77cd4450148eb993189e79d9d38972118ab8a804e1ef5dfe608c388b03076

Analysis

max time kernel
109s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:42

Target

1272108050530087224b88c7d7ab87aa.dll
Size

155KB
MD5

1272108050530087224b88c7d7ab87aa
SHA1

e0f8c5344a0e6e6e2782ef39e00ac1a1c5ec428f
SHA256

c8d77cd4450148eb993189e79d9d38972118ab8a804e1ef5dfe608c388b03076
SHA512

12f555482cf248925e1cb1a588c5333f480bc05785e7dee0c99068a9e47ca632235c131b2095f7f9782cfda4f05c3589ec0edd9d2afbf9a8525b1865db8a5ae7
SSDEEP

3072:QVrj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+BrqM:QkurururururururururuM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 3496	2064	regsvr32.exe	87
PID 2064 wrote to memory of 3496	2064	regsvr32.exe	87
PID 2064 wrote to memory of 3496	2064	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1272108050530087224b88c7d7ab87aa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1272108050530087224b88c7d7ab87aa.dll
  2⤵
  PID:3496

memory/3496-0-0x0000000000010000-0x0000000000024000-memory.dmp

Filesize
80KB

Download