c12dba8006c54e56d24feac361ae1349fdcc2ea57a8370f723f8ae9900edadc7

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 11:08

Target

c12dba8006c54e56d24feac361ae1349fdcc2ea57a8370f723f8ae9900edadc7.dll
Size

116KB
MD5

43670402a12afa97344394bb90f7e820
SHA1

3df2b38ad7be6c9beb7145cc81a4169865f8457d
SHA256

c12dba8006c54e56d24feac361ae1349fdcc2ea57a8370f723f8ae9900edadc7
SHA512

14e687c8ee1348b6ac1db518bc9eb2ead3678b29483887615e24f54508c9206f40102c00f5181e5ab4db29d6e0f1c7e5c321319090925ca2b318f85e91c5d526
SSDEEP

768:9RoiMoqZOpQGSI9o/fFz1y85pN7HpB5D29msJ/3LcFkG0/BVEt2tvJHyEIRlJ5ek:fvxqZoQee1H4RJTcFWpqtYJMlPeBIb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 5048	4836	regsvr32.exe	82
PID 4836 wrote to memory of 5048	4836	regsvr32.exe	82
PID 4836 wrote to memory of 5048	4836	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c12dba8006c54e56d24feac361ae1349fdcc2ea57a8370f723f8ae9900edadc7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c12dba8006c54e56d24feac361ae1349fdcc2ea57a8370f723f8ae9900edadc7.dll
  2⤵
  PID:5048