66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397

Analysis

max time kernel
138s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 08:22

Target

66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397.dll
Size

588KB
MD5

f19fb3d53a2065fc61af37e59b9e13e8
SHA1

88de58b04f4f05bf5dff7c96fe08916a2bad2b61
SHA256

66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397
SHA512

47c51d8a2c2f8981d1ebbf2775164c10819e129aae41d6c0efac8048a8a2dadd89445927c8711abbb2fd67c32f6b07db1170dc48b7ff336131d1dd7b4c9a0da4
SSDEEP

1536:6GkmYRQcowbqwI81hDTlBSaDzdlK+hiKbZXwBOBkH+6oHLdAVNsU6:KmYRsanP1hrSaDzDZXk0k+6oHLdWGU6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 3372	4192	regsvr32.exe	85
PID 4192 wrote to memory of 3372	4192	regsvr32.exe	85
PID 4192 wrote to memory of 3372	4192	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\66bbf517ac4ce8a6ee4a3dd3d1a8e61aa59d0eeef4fc59887c3090c7d074d397.dll
  2⤵
  PID:3372