b26153ed48f77e1dbb143fea19125076c43845835a2b4dee9458967ac483b23b

Analysis

max time kernel
145s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2022, 23:06

Target

b26153ed48f77e1dbb143fea19125076c43845835a2b4dee9458967ac483b23b.dll
Size

128KB
MD5

6e7adce82498ebc09b017eaac811203f
SHA1

919d0b226feb3337b498e2d4d5d2fd192f659088
SHA256

b26153ed48f77e1dbb143fea19125076c43845835a2b4dee9458967ac483b23b
SHA512

ab0cfee2d27812a071ca8570a92c270a8f4f8db40d93b7d86eb35199a120a7227024d491af5f39c4929b16787b2c7ec701842d8d87808bdbb0b42180f7e62b10
SSDEEP

1536:QkUgJ+DwTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrz9:hdTOubqoNNfov

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 2992	3704	regsvr32.exe	80
PID 3704 wrote to memory of 2992	3704	regsvr32.exe	80
PID 3704 wrote to memory of 2992	3704	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b26153ed48f77e1dbb143fea19125076c43845835a2b4dee9458967ac483b23b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b26153ed48f77e1dbb143fea19125076c43845835a2b4dee9458967ac483b23b.dll
  2⤵
  PID:2992