b15b442afe3f40605c0e939759a1272f2fe37e7cdf9566d1e178dc793b06091f

Analysis

max time kernel
93s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 00:13

Target

ad36aa1748182ff37d270e2ec5e69946.dll
Size

227KB
MD5

ad36aa1748182ff37d270e2ec5e69946
SHA1

cd54b42792156a509e4ea8bef81ef8cccb6bdcd5
SHA256

b15b442afe3f40605c0e939759a1272f2fe37e7cdf9566d1e178dc793b06091f
SHA512

4e76d7b5eb0fcdc20339fb3ce68f87d88c4b9a84084e884888213d9f8cbc0d7b05a722b7d91b8424065e82a4915c44f453a7f38f946659053a3374b6ffa611ad
SSDEEP

3072:vIF+SmLUIF+SmLUIF+SmLUIF+SmLUIF+SmLUIF+SmLUIF+SmL:W+9n+9n+9n+9n+9n+9n+9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 3968	2208	regsvr32.exe	87
PID 2208 wrote to memory of 3968	2208	regsvr32.exe	87
PID 2208 wrote to memory of 3968	2208	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ad36aa1748182ff37d270e2ec5e69946.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ad36aa1748182ff37d270e2ec5e69946.dll
  2⤵
  PID:3968