d0a11094a22e2742a57d57200c0592feb34bb8aeee8343f91e85161b6abcf52d

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:29

Target

d0a11094a22e2742a57d57200c0592feb34bb8aeee8343f91e85161b6abcf52d.dll
Size

340KB
MD5

47b55d8a31502437ae57ef7293c47fc1
SHA1

79283cca650e5f9213e3965e33d6098d17ee95f4
SHA256

d0a11094a22e2742a57d57200c0592feb34bb8aeee8343f91e85161b6abcf52d
SHA512

c6a519ee84c434c8a31cabd6c8c8382020ab26005eeea5092b662810c6638be9037ceb187c6bf1b5c55810f2f113f2f2661e6f2a93373124f056b476a0e7c4f4
SSDEEP

6144:DcVkYt3Wmltlsk7BPXS5Es2ATbwi844KacN:DVYtGmltlhaEbAAXFc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 4512 wrote to memory of 3796	4512	regsvr32.exe	regsvr32.exe
PID 4512 wrote to memory of 3796	4512	regsvr32.exe	regsvr32.exe
PID 4512 wrote to memory of 3796	4512	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d0a11094a22e2742a57d57200c0592feb34bb8aeee8343f91e85161b6abcf52d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4512

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\d0a11094a22e2742a57d57200c0592feb34bb8aeee8343f91e85161b6abcf52d.dll
2⤵
PID:3796