50cfffc310a41f97d8376d2aff621f58a8ead380effde9a19b51e7b4131065a2

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2024, 23:28

Target

8acdce75ce1a396fff52796fce18e856.dll
Size

315KB
MD5

8acdce75ce1a396fff52796fce18e856
SHA1

db9b3aa87f7709e152baecb0347b91d1bb184568
SHA256

50cfffc310a41f97d8376d2aff621f58a8ead380effde9a19b51e7b4131065a2
SHA512

5a571596525e727f6937b4be82fba1b084229deb7462697f7036f151f24d1ad954904f24e38bbdb08a3581e30aa32530a3105eb78525f18651399968e8406478
SSDEEP

6144:QwHHnSyMq20pooAK8Y39gM5EnvosPvijXOdMOgF/39q/w0uYvn5fHrm:70YlNsPs4NgF/8/ZV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 4324	3172	regsvr32.exe	84
PID 3172 wrote to memory of 4324	3172	regsvr32.exe	84
PID 3172 wrote to memory of 4324	3172	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8acdce75ce1a396fff52796fce18e856.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8acdce75ce1a396fff52796fce18e856.dll
  2⤵
  PID:4324