3bfd6e95571f90cb7de842021b8fcfb79f03382b9846c3d5c5c7de77745ca83a

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 11:32

Target

cdf4ac26f24be4ab729e9db8712ebe6d.dll
Size

154KB
MD5

cdf4ac26f24be4ab729e9db8712ebe6d
SHA1

d08b9bfb38a3fb0bd04f2c1628a0862df7c61c99
SHA256

3bfd6e95571f90cb7de842021b8fcfb79f03382b9846c3d5c5c7de77745ca83a
SHA512

0bb466c98ddfd108a6d98b27d789550c7a1e870b8a97873934a3990dc921d74b443e53d78912742b2f226aed062dbb57379331187b89a5b51dffc777fdbbd5ea
SSDEEP

3072:ttFUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4J2FUF/4W:ttFY4IFY4IFY4IFY4IFY4IFY4IFY4IFZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2844	1352	regsvr32.exe	87
PID 1352 wrote to memory of 2844	1352	regsvr32.exe	87
PID 1352 wrote to memory of 2844	1352	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cdf4ac26f24be4ab729e9db8712ebe6d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cdf4ac26f24be4ab729e9db8712ebe6d.dll
  2⤵
  PID:2844

memory/2844-0-0x0000000000010000-0x0000000000029000-memory.dmp

Filesize
100KB

Download