d9a567da406c74d424fc46010c53f80cc0a1ef0399c11e7d70708c7078e71cb2

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:17

Target

1cb6d266d2a38e86b43bc1f45b625297.dll
Size

32KB
MD5

1cb6d266d2a38e86b43bc1f45b625297
SHA1

068b1af18b4660f92b7329c9363560c7601237c9
SHA256

d9a567da406c74d424fc46010c53f80cc0a1ef0399c11e7d70708c7078e71cb2
SHA512

d44acff872930fb79174e00b49c8092276697f9149b4dffce1191f3ab0abe1b18ae2ef34649a16a300dd6edc9c1c59406ff0945f9a6a07f6350805bbdf6f933f
SSDEEP

384:isezuEaeyCAC3y8pENMtE7wkEKvGYmzRjICnnS1kXO0MwVMdmoDTAzdKr1FBIoM:i+SACC8pEmtqwkEKYOaSmacdKrbbM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3396 wrote to memory of 4624	3396	regsvr32.exe	36
PID 3396 wrote to memory of 4624	3396	regsvr32.exe	36
PID 3396 wrote to memory of 4624	3396	regsvr32.exe	36

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1cb6d266d2a38e86b43bc1f45b625297.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3396
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1cb6d266d2a38e86b43bc1f45b625297.dll
  2⤵
  PID:4624