5cb0e457a936fb52f0f88fe91427e2731043074a1f59a571ed28e0cb94fefbfa

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 12:35

Target

5cb0e457a936fb52f0f88fe91427e2731043074a1f59a571ed28e0cb94fefbfa.dll
Size

128KB
MD5

4b4fa350c1e990346a27f439bee77290
SHA1

bd24fa547e0b021a3b14b8328552cfc0f4cdf65d
SHA256

5cb0e457a936fb52f0f88fe91427e2731043074a1f59a571ed28e0cb94fefbfa
SHA512

4f7c24bb294f2dceb90a632d986f03d721af1865b6b0ce1bd1105f60613ee53ee76736f47574e69ef0778299f3c411e512e246ba90b24debff8c6d389494caa4
SSDEEP

3072:eZDhq6JladLfSFuVsB+Sbgxk9AycQquJwAMG8t:gfa1gg8XaycQquJwAM9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 5072	4968	regsvr32.exe	81
PID 4968 wrote to memory of 5072	4968	regsvr32.exe	81
PID 4968 wrote to memory of 5072	4968	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5cb0e457a936fb52f0f88fe91427e2731043074a1f59a571ed28e0cb94fefbfa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5cb0e457a936fb52f0f88fe91427e2731043074a1f59a571ed28e0cb94fefbfa.dll
  2⤵
  PID:5072