02efbb86e6a0351ff6d4c53717022ea9341982b90972aa50d7526d9498b5833c

Analysis

max time kernel
104s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 21:31

Target

0be18a98547a908b4586ee5538fe1990N.dll
Size

600KB
MD5

0be18a98547a908b4586ee5538fe1990
SHA1

1c435b6c88a10065749ccabf2bf46b506374345f
SHA256

02efbb86e6a0351ff6d4c53717022ea9341982b90972aa50d7526d9498b5833c
SHA512

c1bcf759fc3df0f740d9d5cd741aaa6edfdccb97f2ad75ce4a6a33fe87cfac04732e6ad04dc60ed146aa37be00b2119d4302bccd4a118114eadb05491fb8f16c
SSDEEP

12288:DXNGICG95U/plcL228r+dQ0AETXS7bouOVecBRVpsWG3+J9DS:DXoIh954plckCbAETX0bouoWWMKS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 1344	1364	regsvr32.exe	84
PID 1364 wrote to memory of 1344	1364	regsvr32.exe	84
PID 1364 wrote to memory of 1344	1364	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0be18a98547a908b4586ee5538fe1990N.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0be18a98547a908b4586ee5538fe1990N.dll
  2⤵
  PID:1344