d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c

Analysis

max time kernel
374s
max time network
462s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 06:58

Target

d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c.dll
Size

265KB
MD5

faeb7bd8a1d2998e726a843ed2fcfd2b
SHA1

629b1c00333b6fe3c51221e5d8de7c1d08563d83
SHA256

d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c
SHA512

9bc884b219b431ae0c2b17013c06486986cbce449bb2f584bcce0561b730f530b15f07334599f7fc0eb71f97601fdb35e56b03fca078b9e42dc138677b3b56d3
SSDEEP

6144:Kaxt9xlQZxcv+g/H0vurB6rdKDGYxm9GYx/9Gtxg:bxEZiv+CI4B6rdKDGYxm9GYx/9Gtxg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 3448	2756	regsvr32.exe	79
PID 2756 wrote to memory of 3448	2756	regsvr32.exe	79
PID 2756 wrote to memory of 3448	2756	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d456e18f43772c789212938a91978c96d4191a9e480394eda4d82a86a2c73b9c.dll
  2⤵
  PID:3448