1b8fa3f603a0eda3834a0ff4db152cf7f11089536bcdbca7478dbe7cba1afa28

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 17:27

Target

594a3e3460cd07c90cd0d171ddc9aa79.dll
Size

220KB
MD5

594a3e3460cd07c90cd0d171ddc9aa79
SHA1

a7af9c190fd5fb3c275a848dba4d8413defc5698
SHA256

1b8fa3f603a0eda3834a0ff4db152cf7f11089536bcdbca7478dbe7cba1afa28
SHA512

609c82753259227b894010bd21bd0014fe74f4ec648433ff7683d0a117900bb54b73e67d2efd072bd5f07c6a457bd1ba2028a79462b2b1b0543e093ecd3677ee
SSDEEP

6144:AmDf9wEmDf9wEmDf9wEmDf9wEmDf9wEmDf9wEmDf9w:pD+dD+dD+dD+dD+dD+dD+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4612 wrote to memory of 1384	4612	regsvr32.exe	88
PID 4612 wrote to memory of 1384	4612	regsvr32.exe	88
PID 4612 wrote to memory of 1384	4612	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\594a3e3460cd07c90cd0d171ddc9aa79.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4612
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\594a3e3460cd07c90cd0d171ddc9aa79.dll
  2⤵
  PID:1384