c601738d05c574fd18c33977deb79502c3a703748f856cced0a003f16fb819f4

Analysis

max time kernel
196s
max time network
198s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 21:15

Target

c601738d05c574fd18c33977deb79502c3a703748f856cced0a003f16fb819f4.dll
Size

32KB
MD5

83cc3c0b9d56ab6243a79c7b90d231f9
SHA1

910cc4486f0f1bccc37d3298a9283b20140ed550
SHA256

c601738d05c574fd18c33977deb79502c3a703748f856cced0a003f16fb819f4
SHA512

34bb39559ec50ca514cd3a79466e94ab0ed28ff6e764ceef5ab83212e206584a967e9e0527063feb63057f6c14bcb46970ac2f6563dc5d5949dbe2d7ca653334
SSDEEP

768:8PSACC8hJXDXc3gwEGBNqgVsqR006xQsSw8/K:8PSAKJxBoNqgqqYxxSg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 788	1536	regsvr32.exe	82
PID 1536 wrote to memory of 788	1536	regsvr32.exe	82
PID 1536 wrote to memory of 788	1536	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c601738d05c574fd18c33977deb79502c3a703748f856cced0a003f16fb819f4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c601738d05c574fd18c33977deb79502c3a703748f856cced0a003f16fb819f4.dll
  2⤵
  PID:788

memory/788-132-0x0000000000000000-mapping.dmp

Download
memory/788-133-0x0000000000750000-0x000000000075E000-memory.dmp

Filesize
56KB

Download