f77e094423c9a092cf74938408d47ffca0684f6e29a072a194dcc266c73beaa2

Analysis

max time kernel
152s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 02:59

Target

4a45b69b95bbd6986f26dfc20e0193ae.dll
Size

47KB
MD5

4a45b69b95bbd6986f26dfc20e0193ae
SHA1

110c17caadeb29c6829c5260d225a36931dd302e
SHA256

f77e094423c9a092cf74938408d47ffca0684f6e29a072a194dcc266c73beaa2
SHA512

1c38efde45c3f312b60d5938f7bc554ba01c8a3b83651b43dde4e180a509d198d4551d71d6c4d7425a0d79031b9f0ba8f4faf4a131509acf7de329597b137a9c
SSDEEP

768:hSVMqQCVaQkUwjWnoQ2VykU8iO5OpBlEuK1RfpyHQjkbudxOHfQp369Y:4VMqFVaQbKVLiGOpBlEhjkaLGQReY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 2676	3420	regsvr32.exe	91
PID 3420 wrote to memory of 2676	3420	regsvr32.exe	91
PID 3420 wrote to memory of 2676	3420	regsvr32.exe	91

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4a45b69b95bbd6986f26dfc20e0193ae.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4a45b69b95bbd6986f26dfc20e0193ae.dll
  2⤵
  PID:2676

memory/2676-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download