a3f8788052cf05228d9d00679d025e073a0e19fb323ed58bb37d17b888910308

Analysis

max time kernel
149s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:42

Target

a3f8788052cf05228d9d00679d025e073a0e19fb323ed58bb37d17b888910308.dll
Size

256KB
MD5

52874caf75be9fde31dcec26e1acee35
SHA1

2b00463412788a73e19b9a11dfd9d5e7cf5be528
SHA256

a3f8788052cf05228d9d00679d025e073a0e19fb323ed58bb37d17b888910308
SHA512

93188bd9c1263bb4f9bf300f224bdf1645d14df7c493de98040b99bc2c32bbc40a1a5bc0af0a101791b7e43e53f7f740c42f164a950ac2252e0c524e6f916778
SSDEEP

6144:C2T59Z4/dJvy/Toc6fPG1DIblKrr/OGGfPg:fZIpy/TofTMWGc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 404 wrote to memory of 5096	404	regsvr32.exe	regsvr32.exe
PID 404 wrote to memory of 5096	404	regsvr32.exe	regsvr32.exe
PID 404 wrote to memory of 5096	404	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a3f8788052cf05228d9d00679d025e073a0e19fb323ed58bb37d17b888910308.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:404

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\a3f8788052cf05228d9d00679d025e073a0e19fb323ed58bb37d17b888910308.dll
2⤵
PID:5096