dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2

Analysis

max time kernel
160s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 13:35

Target

dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2.dll
Size

83KB
MD5

371133d1f97bc4d3d8e414657a9355a0
SHA1

b0a82401645781e5fe14748d1f356d7720f137a8
SHA256

dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2
SHA512

88cad410aaa4d509aabb78ab9ba2ea3347da9cb911a68d27a207e6216ca1f261e71db28fc214a9fc2d4470816a1302558e5ef7f55d8f7eb9532aa6027209e02f
SSDEEP

1536:zIjsab9WEkUEAzs11+/nnJZL7aWsuN4kQfWNtMNwTs:Uj99WXmsbUnnL7Sy4kwWTts

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3956 wrote to memory of 4992	3956	regsvr32.exe	80
PID 3956 wrote to memory of 4992	3956	regsvr32.exe	80
PID 3956 wrote to memory of 4992	3956	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2.dll
  2⤵
  PID:4992

memory/4992-133-0x000000005EDD0000-0x000000005EDE8000-memory.dmp

Filesize
96KB

Download
memory/4992-134-0x000000005EDD1000-0x000000005EDE1000-memory.dmp

Filesize
64KB

Download