26c174c52a56d362b5ba5fb0b012174ae3951fcab917396f66bb9e4075ceffa8

Analysis

max time kernel
137s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 09:21

Target

990d08039e0482082f1591d441edbd19.dll
Size

28KB
MD5

990d08039e0482082f1591d441edbd19
SHA1

f0597a0031f5e799e0be46e3a00da2ed998b0700
SHA256

26c174c52a56d362b5ba5fb0b012174ae3951fcab917396f66bb9e4075ceffa8
SHA512

d0245da89ec7d671fee8bec6d2dc71a12847bf83e2099e89950934f80c0d3d4b319375885cab07f5bc7dcd08db2a2f2f5bc611f6579ef90c92885ebbfd63ae27
SSDEEP

384:5Ytkqo12YQYyMoAAG9c7k9gPQk+cebvzkChSNCQvD9lS1AsO02gX1HGrgdH3tII:5Yu1xyMoAAp7kVk+piCgxHsEI1Hu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 1420	880	regsvr32.exe	84
PID 880 wrote to memory of 1420	880	regsvr32.exe	84
PID 880 wrote to memory of 1420	880	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\990d08039e0482082f1591d441edbd19.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:880
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\990d08039e0482082f1591d441edbd19.dll
  2⤵
  PID:1420