129534bd971ea7bef030acca2560b89b4c94b86bf21f80ad999e7cca63288786

Analysis

max time kernel
122s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 20:41

Target

129534bd971ea7bef030acca2560b89b4c94b86bf21f80ad999e7cca63288786.dll
Size

128KB
MD5

96dbdfc508ff28680f08a240cf6746e0
SHA1

601d836852e50db33da315d89ac5a384c3e673b4
SHA256

129534bd971ea7bef030acca2560b89b4c94b86bf21f80ad999e7cca63288786
SHA512

8b4984c0168a0a5eb81f9dab6a5ade6065bb2c95e9a1a2642e90f2fb8a96594747a2e2b58d61c0856ee9a97816b1fac80858a9aa548e0fccc9632261bffec4fd
SSDEEP

1536:vkUgJ+DGTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrzP:srTOubqoNNfoR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 2256	4932	regsvr32.exe	83
PID 4932 wrote to memory of 2256	4932	regsvr32.exe	83
PID 4932 wrote to memory of 2256	4932	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\129534bd971ea7bef030acca2560b89b4c94b86bf21f80ad999e7cca63288786.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\129534bd971ea7bef030acca2560b89b4c94b86bf21f80ad999e7cca63288786.dll
  2⤵
  PID:2256