cd7293f2ed47e2692583e74c6a959bb56eb229b9a527090a86f0cde1751ab0cd

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 06:42

Target

4fdbb09133e13200c8e65ce9e079f9db.dll
Size

32KB
MD5

4fdbb09133e13200c8e65ce9e079f9db
SHA1

12639706d137608a4af7b6ea382baa7b06dfbd8a
SHA256

cd7293f2ed47e2692583e74c6a959bb56eb229b9a527090a86f0cde1751ab0cd
SHA512

14a6456546826b7fc77b730df04bd936d43ffa135bc5d43d72f8cec23bc783d88f2481d38eeb87c2362f2e4aa13d87be04a1c99661f9f228db0e54dc3e34bc57
SSDEEP

384:hNNe06t9hcyL6oa2QFjOyDTto6iqFtiCf1ife0sV/r3J/rgpy8lWH/cIk:1eP9hdaFVViqFtzIEVzx4l2kr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1548	764	regsvr32.exe	87
PID 764 wrote to memory of 1548	764	regsvr32.exe	87
PID 764 wrote to memory of 1548	764	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4fdbb09133e13200c8e65ce9e079f9db.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4fdbb09133e13200c8e65ce9e079f9db.dll
  2⤵
  PID:1548