cdb290f25d8cc02f99f0e3d2de063485e81703a3e367bc8111f114d54e968795

Analysis

max time kernel
89s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 07:34

Target

8bc32e94e5dbeb2334b1ec967c25bffb.dll
Size

117KB
MD5

8bc32e94e5dbeb2334b1ec967c25bffb
SHA1

bdbcf6fdc0cab5f75a78683cf03bf69f595542b1
SHA256

cdb290f25d8cc02f99f0e3d2de063485e81703a3e367bc8111f114d54e968795
SHA512

a4231a4fcd2af0eae8fb4a43e1135dafa0817ab3afd192c178ca1e20e1a458bb00ce51a631cbe6aa6a63bdb62d5fb1b67b70ba087a5b45475378651ee44acbef
SSDEEP

3072:yjvckcLZVoRCPP8l8VutkQPFyQQzH0DXdbqyvaS+LVs/GFK9Nro6:yLck2PUleuyQPFQzHCqyvQKqWro

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 2240	960	regsvr32.exe	43
PID 960 wrote to memory of 2240	960	regsvr32.exe	43
PID 960 wrote to memory of 2240	960	regsvr32.exe	43

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8bc32e94e5dbeb2334b1ec967c25bffb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8bc32e94e5dbeb2334b1ec967c25bffb.dll
  2⤵
  PID:2240

memory/2240-1-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/2240-0-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download