0256d0b21d0e10699e544f0197103577ab4592c3afec1e0ea536ff4ba799943e

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:52

Target

2248e0a69c0e6f7bb200eb5c7deba68b.dll
Size

231KB
MD5

2248e0a69c0e6f7bb200eb5c7deba68b
SHA1

46f5400bd52d2904242ffb31b55fd0d5463da78c
SHA256

0256d0b21d0e10699e544f0197103577ab4592c3afec1e0ea536ff4ba799943e
SHA512

8a02a5bb9776c21812dfb16dd230123333b6ab917e9277a4244e1f9d87db5b0d5f27e03615115c336df71c300381c69fe54a2700e594afa9a69760024da31a74
SSDEEP

3072:ecARn6WCcARn6WCcARn6WCcARn6WCcARn6WCcARn6WCcARn6W:tARXARXARXARXARXARXAR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1984	4860	regsvr32.exe	56
PID 4860 wrote to memory of 1984	4860	regsvr32.exe	56
PID 4860 wrote to memory of 1984	4860	regsvr32.exe	56

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2248e0a69c0e6f7bb200eb5c7deba68b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2248e0a69c0e6f7bb200eb5c7deba68b.dll
  2⤵
  PID:1984