d2c5d4c5d1d102d655b160b74bf1f0b8a638662de1d5b3c2d1b9a28606213a42

Analysis

max time kernel
138s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
02/11/2023, 15:44

Target

d2c5d4c5d1d102d655b160b74bf1f0b8a638662de1d5b3c2d1b9a28606213a42.dll
Size

657KB
MD5

0f34963a297bd853aeff286b99fbd5ec
SHA1

e78fd99db37aff712d05a5e4606587928a22552f
SHA256

d2c5d4c5d1d102d655b160b74bf1f0b8a638662de1d5b3c2d1b9a28606213a42
SHA512

ec05475546bdf8b64c19ad24e028bd03f3a1e2ea7a5a968ddec757d14da6a4849dc9fa54f5d6f7da60c386229eb3d169e55ee2004606b3b7f9fc64d622be7308
SSDEEP

6144:s/cYeZ2K4lMiDbn1jrBfcDQrcrfGyDKDjKncbI1FPvCN29eJYvC:s0YeZdiDRjrBlseDkPY298Y6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2448 wrote to memory of 1664	2448	regsvr32.exe	87
PID 2448 wrote to memory of 1664	2448	regsvr32.exe	87
PID 2448 wrote to memory of 1664	2448	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d2c5d4c5d1d102d655b160b74bf1f0b8a638662de1d5b3c2d1b9a28606213a42.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2448
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d2c5d4c5d1d102d655b160b74bf1f0b8a638662de1d5b3c2d1b9a28606213a42.dll
  2⤵
  PID:1664