2d851ae68c1ae043ae34dd8b9e0a975db3d62465683123adf63f023365b53b5c

Analysis

max time kernel
145s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 05:23

Target

2d851ae68c1ae043ae34dd8b9e0a975db3d62465683123adf63f023365b53b5c.dll
Size

192KB
MD5

37310d073f89ab9749f839dace898cea
SHA1

32c2dc658fa34d32da4fabaac5c5ac2eecbeea65
SHA256

2d851ae68c1ae043ae34dd8b9e0a975db3d62465683123adf63f023365b53b5c
SHA512

fae38be7c103d7fc6a627190651c259aaf1ba0f886736eb813b733beccd25bed3afca279b679fd97c71a752f309a17c700ac76a9282ceb1ff91c1c4899a01cfc
SSDEEP

3072:6c3kzIRsCkmcNrSM7hZmbon78Pt7pnIOzaR4hHWzL+5BMuJnTFFR/DQanKyZsfDN:1ksRSSMlZmSIPXzM4hHW/+TrFDtyx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 4916	2852	regsvr32.exe	83
PID 2852 wrote to memory of 4916	2852	regsvr32.exe	83
PID 2852 wrote to memory of 4916	2852	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d851ae68c1ae043ae34dd8b9e0a975db3d62465683123adf63f023365b53b5c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d851ae68c1ae043ae34dd8b9e0a975db3d62465683123adf63f023365b53b5c.dll
  2⤵
  PID:4916