d0089414a8e747cae95606542692157768a665d1991fa7a97e0070a7cab7a776

Analysis

max time kernel
66s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 14:27

Target

d0089414a8e747cae95606542692157768a665d1991fa7a97e0070a7cab7a776.dll
Size

182KB
MD5

d32fa5282c15e8e6fca9a317102d89fb
SHA1

3d16d33e4d6deb19f38078a84754f34ae0478aef
SHA256

d0089414a8e747cae95606542692157768a665d1991fa7a97e0070a7cab7a776
SHA512

3e21386386cafe9473bd23e4d7d00b21819adf41a4408fecf195a02d8f99531ab0da35a8c7607bf5a5d971edff656614ad9d9e7bc7bdd45b2b6584c483712538
SSDEEP

1536:yYAYdp+vEAgxBjzpY88ugoK4B+R2H7NHTxHjicMBCkoTYBSz4jHZ7M:RALvEAgxxzpMoKMa87NHTxHj/MBC9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 3396	3268	regsvr32.exe	83
PID 3268 wrote to memory of 3396	3268	regsvr32.exe	83
PID 3268 wrote to memory of 3396	3268	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d0089414a8e747cae95606542692157768a665d1991fa7a97e0070a7cab7a776.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d0089414a8e747cae95606542692157768a665d1991fa7a97e0070a7cab7a776.dll
  2⤵
  PID:3396