af21a25662a69ab173f74a513b43893dd0233d99fca7530c51ed846040713a5e

Analysis

max time kernel
91s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/11/2022, 23:20

Target

af21a25662a69ab173f74a513b43893dd0233d99fca7530c51ed846040713a5e.dll
Size

588KB
MD5

eee6dbaec719466983482c7b153bf0d7
SHA1

b8c093a0c2575980dd177860cfaa501e3a64a8d8
SHA256

af21a25662a69ab173f74a513b43893dd0233d99fca7530c51ed846040713a5e
SHA512

1eb07a04a36f65b7c9a9d2a7a1bfaf9d0392094e025828a541d22133ce77fb67e42aa84ee7d93b8b6ae08900b3b4d560090ef022967c16c54328e9a187237ad4
SSDEEP

768:S58e3sSYY2uXZ9hAVaAeStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoHhV:JFY2IGe7IZ+nVETAzFs1foHP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 1780	5056	regsvr32.exe	80
PID 5056 wrote to memory of 1780	5056	regsvr32.exe	80
PID 5056 wrote to memory of 1780	5056	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\af21a25662a69ab173f74a513b43893dd0233d99fca7530c51ed846040713a5e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\af21a25662a69ab173f74a513b43893dd0233d99fca7530c51ed846040713a5e.dll
  2⤵
  PID:1780