a16f73bb2c26801bdcadfc6d5a60911799d3adea6ca700bed13db2059d5f0010

Analysis

max time kernel
66s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 10:32

Target

a16f73bb2c26801bdcadfc6d5a60911799d3adea6ca700bed13db2059d5f0010.dll
Size

222KB
MD5

c727e83383f1ca1fc5c42a24050477b1
SHA1

742e86ed5520eae932fbb9fa51c02b699587efde
SHA256

a16f73bb2c26801bdcadfc6d5a60911799d3adea6ca700bed13db2059d5f0010
SHA512

0ac9578c6a176ad3dbe9da47e5643591e3e409b100a0b00b2795b182ef6a1d99b204ac4ac9ff5c99f648869c48368daaa0c67f034a60b744772a0f5e2d4f73d6
SSDEEP

3072:lYdtJXvQHC2y826eL/uVZxOEnYmBeWBvGVQBPSgIuAkBa:cYHzy8pCvm7BvNq2xBa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 1824	2440	regsvr32.exe	79
PID 2440 wrote to memory of 1824	2440	regsvr32.exe	79
PID 2440 wrote to memory of 1824	2440	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a16f73bb2c26801bdcadfc6d5a60911799d3adea6ca700bed13db2059d5f0010.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a16f73bb2c26801bdcadfc6d5a60911799d3adea6ca700bed13db2059d5f0010.dll
  2⤵
  PID:1824