437d883f7db43bbfbb3cf0f770275d193370213aa92aedd9db1239e8d0e5e083

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 21:22

Target

437d883f7db43bbfbb3cf0f770275d193370213aa92aedd9db1239e8d0e5e083.dll
Size

1.8MB
MD5

dd9068c43d66be922fc38a80f4976a77
SHA1

9770367a79db1fb6ec1a8ef789cee8694a75d9ef
SHA256

437d883f7db43bbfbb3cf0f770275d193370213aa92aedd9db1239e8d0e5e083
SHA512

7d43187b34127d81e583e82045e5150773085aa10518bdfc1b659dbf45edfacdfd0338b6ecac89f8cec01017d87a5ca8558b70f82ec99543b0c3527ace31c466
SSDEEP

12288:aHRdW95FxLxz69kRMj3wrKkAd8KW1SpvTSL48bqVxrFf2hMCqvtana80LGo7RAVF:axMLWkRagr3+vTSL4dVqhcvpGkl7Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 4072	1584	regsvr32.exe	84
PID 1584 wrote to memory of 4072	1584	regsvr32.exe	84
PID 1584 wrote to memory of 4072	1584	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\437d883f7db43bbfbb3cf0f770275d193370213aa92aedd9db1239e8d0e5e083.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\437d883f7db43bbfbb3cf0f770275d193370213aa92aedd9db1239e8d0e5e083.dll
  2⤵
  PID:4072