361d06f4877c1347a3fabd86df51c809cb5c1cd5b12af3029d12cfd22bc1d0a7

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 07:22

Target

5852aae2dc7357521257b9cbe6857057.dll
Size

63KB
MD5

5852aae2dc7357521257b9cbe6857057
SHA1

b1b44f187e834774d2a2db5a41c99a41c9a76555
SHA256

361d06f4877c1347a3fabd86df51c809cb5c1cd5b12af3029d12cfd22bc1d0a7
SHA512

7cad708904b0bec28f325efee5a5e6ba8d2d6005e5be3fbe7436fbaa272d55da8972de96d0551f2a66ad77b5c4ffe2ab6db790fc5dfda05ea503583ecb5ca3b1
SSDEEP

1536:BvqMLTQiqaXW+3X1g/1VPup0/r5M7+iJ+6Wb791CXmKi6:T//pBc11z5M7VzWb51C2Ki6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 2552	4380	regsvr32.exe	14
PID 4380 wrote to memory of 2552	4380	regsvr32.exe	14
PID 4380 wrote to memory of 2552	4380	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\5852aae2dc7357521257b9cbe6857057.dll
1⤵
PID:2552

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5852aae2dc7357521257b9cbe6857057.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4380