ba1063de1ae3162e49809e9c0917ca98e6ad1686a862c6db50303035657642bb

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 20:43

Target

ba1063de1ae3162e49809e9c0917ca98e6ad1686a862c6db50303035657642bb.dll
Size

656KB
MD5

0e65e918cbc38020b1395a1aa60f1aa0
SHA1

edbbb4c3a550852d332eeed881f345f949060f20
SHA256

ba1063de1ae3162e49809e9c0917ca98e6ad1686a862c6db50303035657642bb
SHA512

f2d8511e01792134f8b134121323a6809a7d7d7be88db5f12545cca84c6c550caabd7f35f1c138bf31f4f64f44b57c5b1c953e8f0a24d146be446a9d894d71af
SSDEEP

12288:Eh6i0k30N6xFUWxYtipr7D81O3WqVCjMES6Ias/dRKgKpGgy+CjQ0r:vkEwxFUWxLt/BG4CjM36IPwGzr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4064	2376	regsvr32.exe	79
PID 2376 wrote to memory of 4064	2376	regsvr32.exe	79
PID 2376 wrote to memory of 4064	2376	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ba1063de1ae3162e49809e9c0917ca98e6ad1686a862c6db50303035657642bb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ba1063de1ae3162e49809e9c0917ca98e6ad1686a862c6db50303035657642bb.dll
  2⤵
  PID:4064