c1db5fb78d152cf70b27a2fb78674a5b51c6113cd831ca93b7427c6116323918

Analysis

max time kernel
108s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 21:41

Target

70a13f7769275970614f859f8f2d1754.dll
Size

176KB
MD5

70a13f7769275970614f859f8f2d1754
SHA1

c92c1c80e806d92995f934641b11fc916e3948be
SHA256

c1db5fb78d152cf70b27a2fb78674a5b51c6113cd831ca93b7427c6116323918
SHA512

9a291c034d154ab8a9560cbff3f1f081b1b789e308fa9f9c33ad0c5e680d927c772201765dfc4db3f9256c3e69b2d39203b926508669f8de4adacbad7c7cc406
SSDEEP

3072:QspK9jYuhOxuHPmz8xWRcenRPCU6g/d+XciJuUPAvvJkK7t:QspWYxW6ckRPCC+X5fPAvig

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 4612	1400	regsvr32.exe	87
PID 1400 wrote to memory of 4612	1400	regsvr32.exe	87
PID 1400 wrote to memory of 4612	1400	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\70a13f7769275970614f859f8f2d1754.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\70a13f7769275970614f859f8f2d1754.dll
  2⤵
  PID:4612