6dd4c8c5c75055d2ba37c1a8992041dcb1b86b6624be63e97a989c7da558a9d7

Analysis

max time kernel
174s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 18:22

Target

6dd4c8c5c75055d2ba37c1a8992041dcb1b86b6624be63e97a989c7da558a9d7.dll
Size

1.8MB
MD5

7d180f67595424e11007f72298dd7ec3
SHA1

a2c14ef998b17f17fa8289c8ea44540b7e1d427f
SHA256

6dd4c8c5c75055d2ba37c1a8992041dcb1b86b6624be63e97a989c7da558a9d7
SHA512

35a47b93a10a42d77b819d1cb733a02f497b236007046c6c5250523f77f4bec9c86594ffc75c2b5a5b8b6f0cccba06e091d6f0a112c3643acaba6ba200f7dd9b
SSDEEP

24576:/ub9WFEMQxSzyEl4aS6S0jxtCBVKNC5RBc6g8BUBckubJWlznFJDFbHA3QShJ:/REMGWfl4oRWVBBBUBck8WlznFJmT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 4536	2900	regsvr32.exe	88
PID 2900 wrote to memory of 4536	2900	regsvr32.exe	88
PID 2900 wrote to memory of 4536	2900	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6dd4c8c5c75055d2ba37c1a8992041dcb1b86b6624be63e97a989c7da558a9d7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6dd4c8c5c75055d2ba37c1a8992041dcb1b86b6624be63e97a989c7da558a9d7.dll
  2⤵
  PID:4536