4d36eaec1b7373733b611eb0b887fffd00796c78e7e5e620db2652f09b9bb250

Analysis

max time kernel
146s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 23:28

Target

bd15d85fd7c69f49b92058cf04cf7ab9.dll
Size

227KB
MD5

bd15d85fd7c69f49b92058cf04cf7ab9
SHA1

85ba4ebe8fd8a4faca82cc844b51859a19f38f76
SHA256

4d36eaec1b7373733b611eb0b887fffd00796c78e7e5e620db2652f09b9bb250
SHA512

3125a8c3b5092199e218dc87bb35e893140869ce3dcf0745855bf7eccb0de71c61f6d991bf6504192df98b6daa13f11906baaf1b338c106008fada280d9aa079
SSDEEP

3072:Hj+76dxgj+76dxgj+76dxgj+76dxgj+76dxgj+76dxgj+76dx:y76dl76dl76dl76dl76dl76dl76d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2728 wrote to memory of 4064	2728	regsvr32.exe	88
PID 2728 wrote to memory of 4064	2728	regsvr32.exe	88
PID 2728 wrote to memory of 4064	2728	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bd15d85fd7c69f49b92058cf04cf7ab9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2728
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bd15d85fd7c69f49b92058cf04cf7ab9.dll
  2⤵
  PID:4064