059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109

Analysis

max time kernel
153s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 04:42

Target

059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109.dll
Size

128KB
MD5

cd95d4f16d8b55c440b4887b38c5a020
SHA1

ad863ff9a594835ce92f70244b41e782659a0823
SHA256

059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109
SHA512

32834e411e749ae8afbbf8078b95c3eebdbd4f27ed19f7661d18241ecce4f5fdd61b6913dccbcd07f1ed547544ebbad2cbb3c6f1e1977d807c61f20f1be872c0
SSDEEP

1536:0JqYQw0QByS5A8i2li95fpFg7ezKMTlCkPm36:WBbYS5A/2ik4lC5q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1028 wrote to memory of 2576	1028	regsvr32.exe	80
PID 1028 wrote to memory of 2576	1028	regsvr32.exe	80
PID 1028 wrote to memory of 2576	1028	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1028
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109.dll
  2⤵
  PID:2576