6d388064b0a35ee13af0412bc4c37d5ff6019ba4e2ed2ec8ad0c231e12ad2b46

Analysis

max time kernel
190s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 03:52

Target

6d388064b0a35ee13af0412bc4c37d5ff6019ba4e2ed2ec8ad0c231e12ad2b46.dll
Size

588KB
MD5

ddbc75df8fb534f16c19512bb506e926
SHA1

92a4312977c1e2471ca8e3f7eda180695eea68c2
SHA256

6d388064b0a35ee13af0412bc4c37d5ff6019ba4e2ed2ec8ad0c231e12ad2b46
SHA512

7ee2c28ca0a752c0a66afac20c4502bcd10cacdb452f709c66679693172fbbe3a9d33de66b4de2045c6ea4741bef0d9b17af07080f8640ff9e432781d70b4e5a
SSDEEP

768:24Rs4+DvYi20XZ9hAVx/qtKIZ+2fJcwqVETAz4HMBbsjjRGPZMosV:FsIi2iGVDIZ+nVETAzFs1foo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 2588	3596	regsvr32.exe	85
PID 3596 wrote to memory of 2588	3596	regsvr32.exe	85
PID 3596 wrote to memory of 2588	3596	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6d388064b0a35ee13af0412bc4c37d5ff6019ba4e2ed2ec8ad0c231e12ad2b46.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6d388064b0a35ee13af0412bc4c37d5ff6019ba4e2ed2ec8ad0c231e12ad2b46.dll
  2⤵
  PID:2588