6c0ffc0cb2a09a720ce834a153c12ae218abb2e2ae0d4518ec8fbb34a7c052f8

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 19:16

Target

72d563fe5133fc167b6b0516c66f6ecb.dll
Size

45KB
MD5

72d563fe5133fc167b6b0516c66f6ecb
SHA1

b5d2a602b346cabbcedfe672859b06ea24a61065
SHA256

6c0ffc0cb2a09a720ce834a153c12ae218abb2e2ae0d4518ec8fbb34a7c052f8
SHA512

88901e0578362402395d80a712c511b1a8d58188467301e59ffbcae730cb6abb53f2721d654f84231fb03332f915bbf2868eca1c8a0190e37ecde9e3e43ee8c2
SSDEEP

768:UdezPrfvVNIywt3d91fy7L3JFArOQatBW7Bctrvlq3nS8ZWZl5zC:Ie7rVjG3oL0rO5uBct7lq3nS8Zou

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 1516	392	regsvr32.exe	86
PID 392 wrote to memory of 1516	392	regsvr32.exe	86
PID 392 wrote to memory of 1516	392	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\72d563fe5133fc167b6b0516c66f6ecb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\72d563fe5133fc167b6b0516c66f6ecb.dll
  2⤵
  PID:1516