5efcb463b7ba73693559eeb77e7269795203c7729b02d4d172051ed041ea1375

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 05:49

Target

5eaa247720032bff0e9f0d14683521f0N.dll
Size

469KB
MD5

5eaa247720032bff0e9f0d14683521f0
SHA1

c4f8c491c12a6e8d716f006ac489e1cea18e1cb0
SHA256

5efcb463b7ba73693559eeb77e7269795203c7729b02d4d172051ed041ea1375
SHA512

f943ab4c25e58d3fdabcafa1bbb075c53d6b421d57b4c5202c751cd24bd757a8502617db4a3702a1efb173e4abcb1f5a8d961b2b71b15a03217b76c9f1b210b1
SSDEEP

6144:kDDp3i8GIl0Q1jYdyo2Oyeec51o0WODkviR6swMV21QGbDihpPTl:CVG60Q1jGybP7qoARhEQGcR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 4912	1536	regsvr32.exe	84
PID 1536 wrote to memory of 4912	1536	regsvr32.exe	84
PID 1536 wrote to memory of 4912	1536	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5eaa247720032bff0e9f0d14683521f0N.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5eaa247720032bff0e9f0d14683521f0N.dll
  2⤵
  PID:4912

memory/4912-0-0x0000000074FDA000-0x0000000074FFC000-memory.dmp

Filesize
136KB

Download