5da9db71b3a67cd6e6d47c13a7526cbe14c3aebc9725ccec262a060c236a715e

Analysis

max time kernel
296s
max time network
432s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 23:32

Target

5da9db71b3a67cd6e6d47c13a7526cbe14c3aebc9725ccec262a060c236a715e.dll
Size

128KB
MD5

22bb3aca5c1ac49e6bf0a52d1bf53710
SHA1

de9c4e65ff739ec3812a37bce2c974e47686e895
SHA256

5da9db71b3a67cd6e6d47c13a7526cbe14c3aebc9725ccec262a060c236a715e
SHA512

0f081817a540b1d4e31416fdb87768989d471f15cf1dadbc528d6e7099888baf5bfe2fa00ff620c9ed2b492166a47d5c112a18843c0d72ac1128434d7f95538d
SSDEEP

1536:ZDfR/Fo2LeV/dFPzmqiTyaDLhYETtyGqgo+Xos0Fmu1k6:ZhFDeV/rPz7oqHGDo+Xos0Uu1k6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 5096	4984	regsvr32.exe	80
PID 4984 wrote to memory of 5096	4984	regsvr32.exe	80
PID 4984 wrote to memory of 5096	4984	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5da9db71b3a67cd6e6d47c13a7526cbe14c3aebc9725ccec262a060c236a715e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5da9db71b3a67cd6e6d47c13a7526cbe14c3aebc9725ccec262a060c236a715e.dll
  2⤵
  PID:5096

memory/5096-133-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download