58d1bf913fa29d2744e85ff6fd793e4121e7573449f4e2bdb91463142b6acc36

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 12:17

Target

58d1bf913fa29d2744e85ff6fd793e4121e7573449f4e2bdb91463142b6acc36.dll
Size

248KB
MD5

88e8745d831ad5808bca929afde7765f
SHA1

7420e39e9ab69bffdccbda3ed99e4225e682591c
SHA256

58d1bf913fa29d2744e85ff6fd793e4121e7573449f4e2bdb91463142b6acc36
SHA512

fb9197ff5d3a723499674f3e8ff53d04181be3a69631b07114df8856e208b85703dc346642a7cee177cffa08f984ffcf58765d23ac79490257d793284fa91999
SSDEEP

3072:khQRpXIupWcLGowxXNQJJEH/mKTvE8XEdVqG6X0z5hEBDzhnCygfCHof/O4y1biT:khoYCzGbqEBZXxoDGZ9PHczl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 2948	4676	regsvr32.exe	86
PID 4676 wrote to memory of 2948	4676	regsvr32.exe	86
PID 4676 wrote to memory of 2948	4676	regsvr32.exe	86

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\58d1bf913fa29d2744e85ff6fd793e4121e7573449f4e2bdb91463142b6acc36.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\58d1bf913fa29d2744e85ff6fd793e4121e7573449f4e2bdb91463142b6acc36.dll
  2⤵
  PID:2948