1c819e15c512b2f849b7f4ea3a72505a0790ff957ea3466f7b0ac885c90ba979

Analysis

max time kernel
0s
max time network
20s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 18:30

Target

ac8fbe97a0f9e2e26789f5befbcc8ab8.dll
Size

181KB
MD5

ac8fbe97a0f9e2e26789f5befbcc8ab8
SHA1

28d5482eb274ec36e96d6278f0d6dfcdf5dbd2e4
SHA256

1c819e15c512b2f849b7f4ea3a72505a0790ff957ea3466f7b0ac885c90ba979
SHA512

aaa0a87729469a2d4cbb72dccf70f4a3714a12117094d46e7894b2972e590a66e2de7929b27074c807bf5d1c8a7e92e6969c234fb75b2cdde69cbbb6bc250e47
SSDEEP

3072:HzpaPVWJ7f5Du6ItNNWwT7cgbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyVU7U:FuVsu6ItNrTJwvP6bQ7yMP+DE827Y5iG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4672 wrote to memory of 4256	4672	regsvr32.exe	89
PID 4672 wrote to memory of 4256	4672	regsvr32.exe	89
PID 4672 wrote to memory of 4256	4672	regsvr32.exe	89

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ac8fbe97a0f9e2e26789f5befbcc8ab8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ac8fbe97a0f9e2e26789f5befbcc8ab8.dll
  2⤵
  PID:4256

memory/4256-0-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download