d39bdde121d691a3480b0684b3681a85ee9a2553b4037d2c319f0e48d9a89650

Analysis

max time kernel
95s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 07:13

Target

d39bdde121d691a3480b0684b3681a85ee9a2553b4037d2c319f0e48d9a89650.dll
Size

24KB
MD5

64cf484ea4ca21ff464538c64e344f80
SHA1

2a27ac364eae2a5b0f2625f2775205a80e51334f
SHA256

d39bdde121d691a3480b0684b3681a85ee9a2553b4037d2c319f0e48d9a89650
SHA512

93e5d8f12fec90e8542137155c1c70a468a668bd81b5396c112a8ee9f2415c2758fd2f418ae2015f9e721b10bea9f2eac9a3dbb2877fbe54790a9c21f09744f9
SSDEEP

384:1rD7R47dof5hbk0pNH5najHihrIvyC+MmNthgNangxWoN+fXYQUNmXldv0mymMcY:1rD7bTbtDnarICyCpiteNNP8ZUNtVCz2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 660 wrote to memory of 1556	660	regsvr32.exe	81
PID 660 wrote to memory of 1556	660	regsvr32.exe	81
PID 660 wrote to memory of 1556	660	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d39bdde121d691a3480b0684b3681a85ee9a2553b4037d2c319f0e48d9a89650.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:660
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d39bdde121d691a3480b0684b3681a85ee9a2553b4037d2c319f0e48d9a89650.dll
  2⤵
  PID:1556