26c1e46f85607879b71a6592cfee4afdad2a3f1947652afc16e1978ffd0d8bb2

Analysis

max time kernel
137s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 07:37

Target

98d7e5ac8a3a6135ca6b0d614a2f6e97.dll
Size

288KB
MD5

98d7e5ac8a3a6135ca6b0d614a2f6e97
SHA1

91b305e9ebdf8bf2834f0cce51683ecda8110b71
SHA256

26c1e46f85607879b71a6592cfee4afdad2a3f1947652afc16e1978ffd0d8bb2
SHA512

a183bcb9daf8b8e7073c436b3216a6ee2e9daa93ad216de39fd71c81ed61bf8fb3538ad06cb60a32dd7970bc3340b6152a0f7dcad4eefab0f12253736f31c21b
SSDEEP

6144:ErbQ90rtLJXW7bNzkOSB15a9A27w5KW6cdphUSIYPzMwqBp85ZYCU:ErFJRobNzkOSg5W6cqSIYPzwp84CU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 3168	2944	regsvr32.exe	84
PID 2944 wrote to memory of 3168	2944	regsvr32.exe	84
PID 2944 wrote to memory of 3168	2944	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\98d7e5ac8a3a6135ca6b0d614a2f6e97.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\98d7e5ac8a3a6135ca6b0d614a2f6e97.dll
  2⤵
  PID:3168

memory/3168-0-0x0000000000400000-0x00000000004CD000-memory.dmp

Filesize
820KB

Download
memory/3168-1-0x00000000012F0000-0x00000000012F2000-memory.dmp

Filesize
8KB

Download