c4b51634aadd2c16c891166958ef974639e66fb7ef7964c22b32d8d9347706ed

Analysis

max time kernel
135s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 13:12

Target

NaturalLanguage6.dll
Size

797KB
MD5

8bed7c8fc9701efdfb0206666c061d40
SHA1

2d2c5bd8e06e034db615c8d904479822fb3e1555
SHA256

c4b51634aadd2c16c891166958ef974639e66fb7ef7964c22b32d8d9347706ed
SHA512

7c7d45c44a88699b073309969a1f8f376f4dda103889fc88f11b8b712069c31ea63402fbdd65b872df879fd12d1603a42362a3bd84ac8f1ee3725c2cbe7b3fa7
SSDEEP

12288:4w2NFn7GdT/vpPmAGG2uOlTkR9WbKXczFSBsKdcitmbocHbJ5o:4wwFQheAGJlTkR9WbNzF4sKciUbjHbQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 704	4044	regsvr32.exe	85
PID 4044 wrote to memory of 704	4044	regsvr32.exe	85
PID 4044 wrote to memory of 704	4044	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NaturalLanguage6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\NaturalLanguage6.dll
  2⤵
  PID:704