b305269920121c0bd4d9e9ce4dbcdf589f333872c7f3fb07c826ce407a4be411

Analysis

max time kernel
186s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:00

Target

b305269920121c0bd4d9e9ce4dbcdf589f333872c7f3fb07c826ce407a4be411.dll
Size

588KB
MD5

a95b9c2af874903da1415f07e2c5eb39
SHA1

22ba37ca2397b015396596e7216bdbdd6bf60c2e
SHA256

b305269920121c0bd4d9e9ce4dbcdf589f333872c7f3fb07c826ce407a4be411
SHA512

f36d751332156fa3f3e11593f4ed5cf2d8b76cbb5a2df928dda420da82f0e48a099c1aadcd4ffeefeadc148d832a64f5f38a8253b0527d0c07ca8d391af0f24a
SSDEEP

768:Ku8eQi4b2/XZNxAVIkSi2TkKPR2fJcw61UTzS4HMwXYRRGPZMoNiR5:oNb2/GGi2npX1UTzSIoXfoNm5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 3500	644	regsvr32.exe	82
PID 644 wrote to memory of 3500	644	regsvr32.exe	82
PID 644 wrote to memory of 3500	644	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b305269920121c0bd4d9e9ce4dbcdf589f333872c7f3fb07c826ce407a4be411.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:644
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b305269920121c0bd4d9e9ce4dbcdf589f333872c7f3fb07c826ce407a4be411.dll
  2⤵
  PID:3500