fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a

Analysis

max time kernel
141s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 10:34

Target

fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a.dll
Size

139KB
MD5

fcb17130b4d8ff3001258385a123355e
SHA1

5ccae4ab707850d6cf6cab1a4f8367a42d41091f
SHA256

fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a
SHA512

fbd8d7f73eb1fe1f6cf9a57164ab0ac3ec7022fbbb6e5e500206f5b8c7d94d620a8b10752d076515fea43abfe23a8fbd3f6ba7d93c88be5db603d70b8b4b04af
SSDEEP

3072:3a04dCHu3Bd4j7xbSfOiMS+7yMQYr+NtJ1oLRyGlSA1:q0bIgbA8GFYr+Ntfha

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 2260	5000	regsvr32.exe	80
PID 5000 wrote to memory of 2260	5000	regsvr32.exe	80
PID 5000 wrote to memory of 2260	5000	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a.dll
  2⤵
  PID:2260