b599eb13c5f6e16bff48f4ad5b0300a59fa0e8d58de9ade7d47028f899554c36

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 10:30

Target

b599eb13c5f6e16bff48f4ad5b0300a59fa0e8d58de9ade7d47028f899554c36.dll
Size

782KB
MD5

272b61079ace2523ea9034e54cc89600
SHA1

09aad11b19d972bfab5aede7de8491886c1e824d
SHA256

b599eb13c5f6e16bff48f4ad5b0300a59fa0e8d58de9ade7d47028f899554c36
SHA512

8d67d4963a6ff752de843cc8cfd81317451ed9a2bf3a528be29f2e28aa1dd30ac2888dae85420aca00637874368f908dccc0afde46000043705ae5714536a247
SSDEEP

24576:qxHRCCMpEGZ87FESpY5kTYxpGxgl0PMyqniPkl:gNeED7NY5kTGpGxgloMyqniPkl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 3728	1728	regsvr32.exe	81
PID 1728 wrote to memory of 3728	1728	regsvr32.exe	81
PID 1728 wrote to memory of 3728	1728	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b599eb13c5f6e16bff48f4ad5b0300a59fa0e8d58de9ade7d47028f899554c36.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b599eb13c5f6e16bff48f4ad5b0300a59fa0e8d58de9ade7d47028f899554c36.dll
  2⤵
  PID:3728