9363f142a5c5fb418a1b8ab3f272d12588c79a64711baee86285a7d990da0918

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2024, 09:18

Target

5ade305c378705ec2009c8c8d3d0435f.dll
Size

139KB
MD5

5ade305c378705ec2009c8c8d3d0435f
SHA1

3bf6e94392005d5ebed83129249608266039d250
SHA256

9363f142a5c5fb418a1b8ab3f272d12588c79a64711baee86285a7d990da0918
SHA512

80e6bea515de490a10bd2acc61f1c44f7f22607c87e76d25c93a228f399e24769886c6490ac456b4d153ce88a6461124a28a8ad9a8c7a517a3c46c91ef8bd899
SSDEEP

1536:9Him++uQF7LlKPlalKPlalKPlalKPlalKPlalKPlalKPlalKPlalKPlalKPlV:9Ht2VtttttttttV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 3092	4948	regsvr32.exe	87
PID 4948 wrote to memory of 3092	4948	regsvr32.exe	87
PID 4948 wrote to memory of 3092	4948	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ade305c378705ec2009c8c8d3d0435f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5ade305c378705ec2009c8c8d3d0435f.dll
  2⤵
  PID:3092

memory/3092-0-0x0000000000010000-0x0000000000028000-memory.dmp

Filesize
96KB

Download