537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482

Analysis

max time kernel
139s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 02:49

Target

537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482.dll
Size

2.2MB
MD5

12d377a96890a914ef853c7141433fc3
SHA1

5dd8d270761387f14642299d68e89e72de5522b9
SHA256

537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482
SHA512

24a3b6f2aacdfcd7ad800faf1c63b26bb01b29a2c96e415295fd06be1139bb43f1c6508c77d5d469c491e82e6a078abb4b76d6cc598d9416f8fdc3f02e4144e3
SSDEEP

49152:VX70OiJBC2d+wliw5QJatP/8xpT2sHBQp72O:VX7Jizd+wd5MaF8/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4244 wrote to memory of 4792	4244	regsvr32.exe	82
PID 4244 wrote to memory of 4792	4244	regsvr32.exe	82
PID 4244 wrote to memory of 4792	4244	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4244
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\537fb046a7f67f73aaea26d24b49864bd0e7685649d58a14525c4f90c2946482.dll
  2⤵
  PID:4792