3f016b700def6b15715da2b5baf5fb37c2ec1a55243c0611d41889d040111b5f

Analysis

max time kernel
139s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 11:59

Target

3f016b700def6b15715da2b5baf5fb37c2ec1a55243c0611d41889d040111b5f.dll
Size

21KB
MD5

13c8fc74af968a0684023589522bda64
SHA1

5ad0afa0a36e48821d8a607090ca64dcd56e1ed4
SHA256

3f016b700def6b15715da2b5baf5fb37c2ec1a55243c0611d41889d040111b5f
SHA512

f27cc5cb728d93df909f59719b03f90616e8011746f994243896fe6ff7aef7ea1bdfea148019871477616de022ebc2ddbaa7d3fcc0c2fcaddea949c4206a1787
SSDEEP

384:nI7/oyovtadmvOfdPV8hY688kBMmrGErG5oDJcZomYs:IzLYaWOfdd8hY688kBMj0JcSmYs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 4884	2388	regsvr32.exe	83
PID 2388 wrote to memory of 4884	2388	regsvr32.exe	83
PID 2388 wrote to memory of 4884	2388	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3f016b700def6b15715da2b5baf5fb37c2ec1a55243c0611d41889d040111b5f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3f016b700def6b15715da2b5baf5fb37c2ec1a55243c0611d41889d040111b5f.dll
  2⤵
  PID:4884