3d15250e9854fe8a067d45e54d8ec6c65823b187466c7c17f1efe478ddde059d

Analysis

max time kernel
138s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:40

Target

3d15250e9854fe8a067d45e54d8ec6c65823b187466c7c17f1efe478ddde059d.dll
Size

588KB
MD5

b65a61451e3de1904d3d6275d4859c90
SHA1

d9a32a4ac553f2ac50d34b60cafc24e5117e35b3
SHA256

3d15250e9854fe8a067d45e54d8ec6c65823b187466c7c17f1efe478ddde059d
SHA512

ae2f3496a50d141ad96112fc91a4957d8218a463271089344b34f3d012363f9f4ed57cdd62481ce8e88f121bf799cb632a809f48d243e7c1486ff82ecbd5dd73
SSDEEP

768:s58e3rPYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMos/V:rrY2IGM7IZ+nVETAzFs1foE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 4248	1476	regsvr32.exe	79
PID 1476 wrote to memory of 4248	1476	regsvr32.exe	79
PID 1476 wrote to memory of 4248	1476	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3d15250e9854fe8a067d45e54d8ec6c65823b187466c7c17f1efe478ddde059d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3d15250e9854fe8a067d45e54d8ec6c65823b187466c7c17f1efe478ddde059d.dll
  2⤵
  PID:4248