f111f8fcedee46cbb5e1a3ebf91e70a3872300fd50bf6c6b7f3433cd71093d62

Analysis

max time kernel
90s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 11:51

Target

f111f8fcedee46cbb5e1a3ebf91e70a3872300fd50bf6c6b7f3433cd71093d62.dll
Size

176KB
MD5

c8061189f111591a1805451ca815d36b
SHA1

3d28d468d97343d0aba305f8cbe233172812c049
SHA256

f111f8fcedee46cbb5e1a3ebf91e70a3872300fd50bf6c6b7f3433cd71093d62
SHA512

438beca7ab1d35c032f76bc335fc3a7e1382ffdae65f5ee43561c2f0c0a4e106455139fe18fd85c64bac173e9ed2f4bd8344e9fb0c24b7f4644f7592d2428519
SSDEEP

1536:ICXROAD6hsH+kKY0hyrF+ap4O7skhygV8nIIt8odcYHTqA1kCVjT:vTQXahVGhp1nT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 4952	3080	regsvr32.exe	84
PID 3080 wrote to memory of 4952	3080	regsvr32.exe	84
PID 3080 wrote to memory of 4952	3080	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f111f8fcedee46cbb5e1a3ebf91e70a3872300fd50bf6c6b7f3433cd71093d62.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f111f8fcedee46cbb5e1a3ebf91e70a3872300fd50bf6c6b7f3433cd71093d62.dll
  2⤵
  PID:4952