863b32c165b1ea6a76cc2cb2b1c48cb4fdf4dd788dfa70b6d71189c261ed3624

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 23:43

Target

4cc477972adea2a2e71df59d5658d34c.dll
Size

36KB
MD5

4cc477972adea2a2e71df59d5658d34c
SHA1

ca6dafa9d01c7ea881564b3ad0c774cb1f0a6bf1
SHA256

863b32c165b1ea6a76cc2cb2b1c48cb4fdf4dd788dfa70b6d71189c261ed3624
SHA512

272e3c255fa3e75fa00abd1a8915b1170b9aeac5f40f0238535701a2813737d55eec2869345938f9a57facc6f136db4a5ff212aa9a1c37f904eb773636ac77fd
SSDEEP

384:wd+k6d9hJyfICTl71+4v5mMugOApEqrL364vpLGYzRqM7jPY8WIHbu3sjFbdiU0D:6+v9horSZOESLq4v1tHLWwa3+bAP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4428	4800	regsvr32.exe	88
PID 4800 wrote to memory of 4428	4800	regsvr32.exe	88
PID 4800 wrote to memory of 4428	4800	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4cc477972adea2a2e71df59d5658d34c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4cc477972adea2a2e71df59d5658d34c.dll
  2⤵
  PID:4428