d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 11:03

Target

d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43.dll
Size

91KB
MD5

954d2f68cfaef928c6d7a47321f453f6
SHA1

6b20073cfb604924cfaabdabcca969a67f64893f
SHA256

d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43
SHA512

dcedfb7aa5d9f0379a1ea359e3fb7a614160a42c2481adbda3e7c7a1c4331beafc1b9bbe6b14194b717968f9aa859c650966f229f6a34a7f5a569e0c8325d72a
SSDEEP

1536:ClWB4fGmJ7vkPCv4fHVbtj+ncADNbuLreYdr+VXAOCdsjdQDp0WpY/A4e:ClY4+mJTkPQWVbtacAoLrRdiVgdEdQDr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4636	4344	regsvr32.exe	80
PID 4344 wrote to memory of 4636	4344	regsvr32.exe	80
PID 4344 wrote to memory of 4636	4344	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43.dll
  2⤵
  PID:4636