a014b0e583b73abbba37757493fb9a4f4cdc64f3eade005da280bc8065adc23e

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 21:14

Target

49c913954a08251a66ac623899230fb4.dll
Size

38KB
MD5

49c913954a08251a66ac623899230fb4
SHA1

9458ea89bd1e13be3c3577a4d6ba683764912fac
SHA256

a014b0e583b73abbba37757493fb9a4f4cdc64f3eade005da280bc8065adc23e
SHA512

268267184e17f0212b1302889086d22a2f87a593007e5fb91982f3d967c24ec930c905f3d03e4750c69e66770f4dcb9f8d35dfbf4835f0ce8e47e2319a4225af
SSDEEP

768:tZkDpQPaT9RNHPcluHbv0gV81YSKR8HPT/KJWxPha5Pi:Gpv9R9cl8L09nKR87/zwi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 3916	2272	regsvr32.exe	89
PID 2272 wrote to memory of 3916	2272	regsvr32.exe	89
PID 2272 wrote to memory of 3916	2272	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\49c913954a08251a66ac623899230fb4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\49c913954a08251a66ac623899230fb4.dll
  2⤵
  PID:3916