053a80924ba97159673c5b908b78ff87bc63b4c079c432efadf3331864a0e69d

Analysis

max time kernel
146s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 11:08

Target

053a80924ba97159673c5b908b78ff87bc63b4c079c432efadf3331864a0e69d.dll
Size

588KB
MD5

e278b878cefcb3d3bdb3bedf4fed1580
SHA1

da86fc98e4d1eef0e8fa9815410704c527daa6ad
SHA256

053a80924ba97159673c5b908b78ff87bc63b4c079c432efadf3331864a0e69d
SHA512

7943cb4e5023ff9baafcbfc5b65028de172ad262a209259247c8f5b33ecae516c4a4c27e7bc3c35b6b0bc1ae8c1c44b5ad70287fe696c817332d903e206f149d
SSDEEP

1536:ZGkmYRQcowbqwI81hDTlBSaDzdlK+hiKbZXwiBkH+6oFLYVNsU6:/mYRsanP1hrSaDzDZXJk+6oFLeGU6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4444 wrote to memory of 2192	4444	regsvr32.exe	80
PID 4444 wrote to memory of 2192	4444	regsvr32.exe	80
PID 4444 wrote to memory of 2192	4444	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\053a80924ba97159673c5b908b78ff87bc63b4c079c432efadf3331864a0e69d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4444
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\053a80924ba97159673c5b908b78ff87bc63b4c079c432efadf3331864a0e69d.dll
  2⤵
  PID:2192