a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13

Analysis

max time kernel
92s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-10-2022 19:07

Target

a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13.dll
Size

766KB
MD5

520ee511034717f5499fb66f9c0b76a5
SHA1

3a33de9a84bbc76161895178e3d13bcd28f7d8fe
SHA256

a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13
SHA512

71aa0b3c175ac0ac90e837e649cdc7013262cf62265ba02f3ecdcbd7bbc8a20574fecfa21189572039ad4cafc3b41c5a12ad26ad9bafd4d1f70bfd931a7737be
SSDEEP

12288:bMzdMxHXTL+RGjMY9Hrc6yOHXOpcAFVWfKxob/ytkYag:bMZaBL/dXOp3FcfKxo7Ca

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 1688	3444	regsvr32.exe	80
PID 3444 wrote to memory of 1688	3444	regsvr32.exe	80
PID 3444 wrote to memory of 1688	3444	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13.dll
  2⤵
  PID:1688

memory/1688-133-0x0000000000EF0000-0x0000000000F2F000-memory.dmp

Filesize
252KB

Download
memory/1688-139-0x0000000000EF0000-0x0000000000F2F000-memory.dmp

Filesize
252KB

Download