d2ef717cfcd130dd1b93fb5ff6bd192df33fafe4f49b80a6b6712c59c76c99bf

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 08:02

Target

4ae300078c09e676b0d80c6d425372cc.dll
Size

273KB
MD5

4ae300078c09e676b0d80c6d425372cc
SHA1

88002122a01c17b1aeadce4f16d2b6af357e7a7b
SHA256

d2ef717cfcd130dd1b93fb5ff6bd192df33fafe4f49b80a6b6712c59c76c99bf
SHA512

4918bcfa4ba84fcdb0f1dddb81d943d5501f4a8d8dfe347b36228dd77175b12c6ff943396c3fd10b4325ba2ac90632ddc80f4be0cac8b8aed9ee095bcf58a29c
SSDEEP

6144:6JVwb9E+azpJVwb9E+azpJVwb9E+azpJVwb9E+azpJVwb9E+azpJVwb9E+azpJVn:6JVwRE+aVJVwRE+aVJVwRE+aVJVwRE+I

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3388 wrote to memory of 4548	3388	regsvr32.exe	88
PID 3388 wrote to memory of 4548	3388	regsvr32.exe	88
PID 3388 wrote to memory of 4548	3388	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4ae300078c09e676b0d80c6d425372cc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3388
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4ae300078c09e676b0d80c6d425372cc.dll
  2⤵
  PID:4548