0e428c72c145b056c4ac91eb4e23dc4da47dc41b7672dc020baeb444f08840ae

Analysis

max time kernel
90s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 12:57

Target

9733d944b47228daac8270f8d2c30911.dll
Size

664KB
MD5

9733d944b47228daac8270f8d2c30911
SHA1

82b0911288663748eb293ce84e068b44512bc0a4
SHA256

0e428c72c145b056c4ac91eb4e23dc4da47dc41b7672dc020baeb444f08840ae
SHA512

a72b876fd7820ef65c798c453c7fd84b20770771315d9fb7f6e228e2c647b3a1c74942c69958cbda5843e66c2bd7e5898620e07b6df649e1e0a1d1cd02430a55
SSDEEP

12288:2si5g4y9f2QPRmxiDozjLst4kY/P5+YuaVaYlIALrDbzeZ5ea4HMq:2mxFT4jP5+titlJrDWx4T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 1840	2700	regsvr32.exe	84
PID 2700 wrote to memory of 1840	2700	regsvr32.exe	84
PID 2700 wrote to memory of 1840	2700	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9733d944b47228daac8270f8d2c30911.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9733d944b47228daac8270f8d2c30911.dll
  2⤵
  PID:1840