521ca9f92fd53f8fcf73ad0a7fa2f8817ba566a6d0b39f211ee09bea653f515e

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 10:59

Target

521ca9f92fd53f8fcf73ad0a7fa2f8817ba566a6d0b39f211ee09bea653f515e.dll
Size

264KB
MD5

3beba5b144001b9c27c6b350b7b2cc20
SHA1

971434a57bbd6debc8c1a99cb5473c9d7214a495
SHA256

521ca9f92fd53f8fcf73ad0a7fa2f8817ba566a6d0b39f211ee09bea653f515e
SHA512

f3d00e6ef19b0026c77c519f1835d374ed2bbb00f508f2ed73a325094c36c93c5d7e944e9ebc04432a94cb32ad96a4473c3cd665113aa5464bd3433566a09ffe
SSDEEP

3072:ys4RMdUOg+uzkgRRW7n4d5lNv2N4H2wlXyKg1gu8zin3uSTH0oaAi6qHo/+:PUOg+uET47+N4Ps6u8UH68qW+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 4340	3556	regsvr32.exe	83
PID 3556 wrote to memory of 4340	3556	regsvr32.exe	83
PID 3556 wrote to memory of 4340	3556	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\521ca9f92fd53f8fcf73ad0a7fa2f8817ba566a6d0b39f211ee09bea653f515e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\521ca9f92fd53f8fcf73ad0a7fa2f8817ba566a6d0b39f211ee09bea653f515e.dll
  2⤵
  PID:4340