5807f3494958d161777ad702b76e25d68ebee52bb99484c848b6c070b6c48f81

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 07:24

Target

cad3715419840ea4b25e11cbb32e41d7.dll
Size

130KB
MD5

cad3715419840ea4b25e11cbb32e41d7
SHA1

f65e308fbb43d26f69f95f0fea0b56f2be497348
SHA256

5807f3494958d161777ad702b76e25d68ebee52bb99484c848b6c070b6c48f81
SHA512

eaecbadd645b549a2655ccaa2ada49b9a5922c2712f34c9880702ad418158d88cd5f85ce654797b2b064721deb5ba12de388c1c0a807a7a9deeff773770c7f0f
SSDEEP

1536:J2h6Y105Vs8i2h6Y105Vs8i2h6Y105Vs8i2h6Y105Vs8:Ky5Vs8ly5Vs8ly5Vs8ly5Vs8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 4252	1684	regsvr32.exe	87
PID 1684 wrote to memory of 4252	1684	regsvr32.exe	87
PID 1684 wrote to memory of 4252	1684	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cad3715419840ea4b25e11cbb32e41d7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cad3715419840ea4b25e11cbb32e41d7.dll
  2⤵
  PID:4252