2fdf268b03729436b97a4a6e0d2cacbd6f14b0b7f96770aa04386d98bb892052

Analysis

max time kernel
92s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 10:06

Target

6757b8727e5d1bdc0474bf73313afc39.dll
Size

528KB
MD5

6757b8727e5d1bdc0474bf73313afc39
SHA1

dd2353bad0916f79e4d090165f4a4e3c51f10086
SHA256

2fdf268b03729436b97a4a6e0d2cacbd6f14b0b7f96770aa04386d98bb892052
SHA512

aaf7ddc4ee871077212359ef649931c502fef21f039f14338be48b5c015eb2c0a285085e856ab672142e5dc8c374942fafe271f7b33bdba6cb42dd8bf9688dff
SSDEEP

12288:+yF3SrUVaX7zyCyHHjDLLhSuZhqVSNlw8XkMgrNGl:+yF3Sr0aiC4vhSOhGSvbxgrAl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 3548	1408	regsvr32.exe	86
PID 1408 wrote to memory of 3548	1408	regsvr32.exe	86
PID 1408 wrote to memory of 3548	1408	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6757b8727e5d1bdc0474bf73313afc39.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6757b8727e5d1bdc0474bf73313afc39.dll
  2⤵
  PID:3548

memory/3548-0-0x0000000010000000-0x0000000010191000-memory.dmp

Filesize
1.6MB

Download
memory/3548-6-0x0000000000C50000-0x0000000000C52000-memory.dmp

Filesize
8KB

Download