16382116209d36576cda96fd4cb3b4fbe2baed0907009759064a9800143042ce

Analysis

max time kernel
172s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 09:13

Target

16382116209d36576cda96fd4cb3b4fbe2baed0907009759064a9800143042ce.dll
Size

588KB
MD5

8092185284a7175977a391fae49816fa
SHA1

5190234066e915851e0b85cdbd065aa883b28e1d
SHA256

16382116209d36576cda96fd4cb3b4fbe2baed0907009759064a9800143042ce
SHA512

62f5d39f153f40e51d5319f485f2aea16eb3631b874ca982ee5b0f28bea4c958635fcc6b0bbcb79a72d0c095bb037d8b6b6ff1faf45fb5edc87a6824b6e96968
SSDEEP

768:dS8e8GYY2uXZ9hAVawuStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoPpV:5xY2IGe7IZ+nVETAzFs1foP3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4692 wrote to memory of 4748	4692	regsvr32.exe	80
PID 4692 wrote to memory of 4748	4692	regsvr32.exe	80
PID 4692 wrote to memory of 4748	4692	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\16382116209d36576cda96fd4cb3b4fbe2baed0907009759064a9800143042ce.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4692
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\16382116209d36576cda96fd4cb3b4fbe2baed0907009759064a9800143042ce.dll
  2⤵
  PID:4748