95dfd9700d1ee2d478a529b238d617304d6e97c2e759a71d0ad23b8d3900ce90

Analysis

max time kernel
147s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2022, 04:11

Target

95dfd9700d1ee2d478a529b238d617304d6e97c2e759a71d0ad23b8d3900ce90.dll
Size

44KB
MD5

52f377a9f5d7ea4b4273bcbc9077c6d0
SHA1

33c4619e9b64f47ede5e8dcd43d942c91fb6b664
SHA256

95dfd9700d1ee2d478a529b238d617304d6e97c2e759a71d0ad23b8d3900ce90
SHA512

40941eeec465567d5783e6d45e0bf973b705c9e92c6874bf79da7e76a7ba64370d33b57b9910daf4f3468da42b7071ca3808700b40b94b2018a7d9d3701442d0
SSDEEP

768:t88F+8S1Rh3eBh3m7PzXie3kw/CVYIpy63oyn9Q1AxExdEbl3J:tjS3U3m7PzTk7TF3oy9nxUK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 1428	2548	regsvr32.exe	82
PID 2548 wrote to memory of 1428	2548	regsvr32.exe	82
PID 2548 wrote to memory of 1428	2548	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\95dfd9700d1ee2d478a529b238d617304d6e97c2e759a71d0ad23b8d3900ce90.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\95dfd9700d1ee2d478a529b238d617304d6e97c2e759a71d0ad23b8d3900ce90.dll
  2⤵
  PID:1428