0b1c7c795dc61cbad8b4328b1d6155b1bb0f835c2e3ad0dfa3bc71523abe612e

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 08:29

Target

5307dc26ebaabb3b562e481660f0d0c3.dll
Size

174KB
MD5

5307dc26ebaabb3b562e481660f0d0c3
SHA1

cd01d97082bef73b572e2f00d3e21cde62e1b3c1
SHA256

0b1c7c795dc61cbad8b4328b1d6155b1bb0f835c2e3ad0dfa3bc71523abe612e
SHA512

f7765da315eec6589626a4f89e4ef062978f5e556b491c4a8f6e280083fc6f22fc5c9cf080d5db4aba7237f2c5db74c9e7b5c5b97749d8ec93019004f86491bc
SSDEEP

3072:c8CsqKxJjz8N8NWc1Ci2LVvh8gpUmWiXtOk1CIjkqV0ngPhaoSmNLiBZP:usquJjANc1GVFOi9Ok18qZPcuat

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 3436	1728	regsvr32.exe	87
PID 1728 wrote to memory of 3436	1728	regsvr32.exe	87
PID 1728 wrote to memory of 3436	1728	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5307dc26ebaabb3b562e481660f0d0c3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5307dc26ebaabb3b562e481660f0d0c3.dll
  2⤵
  PID:3436

memory/3436-0-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/3436-1-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download