6bf0a3cd99cf45d87b4ea0390cc41f37eae581b6955d692e30e694e2a31815dd

Analysis

max time kernel
66s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 14:21

Target

6bf0a3cd99cf45d87b4ea0390cc41f37eae581b6955d692e30e694e2a31815dd.dll
Size

1.2MB
MD5

21ec811695d77af52978f03b01d2158e
SHA1

e7a7de8ec3aa61c6dd1147f985154742c94784f7
SHA256

6bf0a3cd99cf45d87b4ea0390cc41f37eae581b6955d692e30e694e2a31815dd
SHA512

e76997038b6433dcf036522e48b6c7c83f7361a1913b84fffc0d6814ea8331679050f429f58825af13d355597f767a505f763e6db4d6d723245e35b4ce308bb7
SSDEEP

6144:wFTjKDU6KTpveJ4jmWXhHJLUWN+6TDvkBKkk4PgdMK6iAwz:wdjKwc4XHJL00kkSp1g

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1476	2224	regsvr32.exe	84
PID 2224 wrote to memory of 1476	2224	regsvr32.exe	84
PID 2224 wrote to memory of 1476	2224	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6bf0a3cd99cf45d87b4ea0390cc41f37eae581b6955d692e30e694e2a31815dd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6bf0a3cd99cf45d87b4ea0390cc41f37eae581b6955d692e30e694e2a31815dd.dll
  2⤵
  PID:1476