cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e

Analysis

max time kernel
99s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 04:31

Target

cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e.dll
Size

120KB
MD5

6d0de057d4ffbe3573ad918a34423a23
SHA1

f5e4c1600d4a5865c165e0eb7640db64700b9de9
SHA256

cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e
SHA512

555734c839cd8ed97b20c257f83320295178316981fe35d77c1f36337db11f9f0483c87e1afd2206d394912756c3a4b25fc49b64b45d70c3dcb3c7edf3c543a1
SSDEEP

1536:vpq2QQzTa6+J9uafOmXOVv36v3qLqMtPt:nnzTkQKhXGf6v3qmMdt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 4288	2020	regsvr32.exe	83
PID 2020 wrote to memory of 4288	2020	regsvr32.exe	83
PID 2020 wrote to memory of 4288	2020	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e.dll
  2⤵
  PID:4288

memory/4288-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download