dd6d91ccb5c2b20b6a13fd6290f6c359d136987bb3d16f2655b5b30950d976b6

Analysis

max time kernel
138s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2023 14:06

Target

dd6d91ccb5c2b20b6a13fd6290f6c359d136987bb3d16f2655b5b30950d976b6.dll
Size

283KB
MD5

e0f2f3bab4cdc346cd9f9085e28f6b50
SHA1

7a99a2d67d445ccc3aa72201ca9e186649b26b4c
SHA256

dd6d91ccb5c2b20b6a13fd6290f6c359d136987bb3d16f2655b5b30950d976b6
SHA512

f2b7facf967895a8f48f426150daa304c7b74bb944bce219806b3ad5bf66ddd5fa2882719f6075b02cc1a644309346cfbd9c6acdaea9194e2a55df474d3650fe
SSDEEP

6144:0s85NNEl9YcuCmZRHYp0mq4OWfX87k5jUkrKo34TJ9H8AhizF:KCtlV0k5jNKCQJ58nzF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2660	1116	regsvr32.exe	85
PID 1116 wrote to memory of 2660	1116	regsvr32.exe	85
PID 1116 wrote to memory of 2660	1116	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd6d91ccb5c2b20b6a13fd6290f6c359d136987bb3d16f2655b5b30950d976b6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dd6d91ccb5c2b20b6a13fd6290f6c359d136987bb3d16f2655b5b30950d976b6.dll
  2⤵
  PID:2660