9a023260b3534ed87d0a5cf9860a48327d53fdb9cc052a7fee7e7fcf363a59dd

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-09-2022 14:22

Target

b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48.dll
Size

580KB
MD5

4996d66bbab56a876179ee55dde4fc7e
SHA1

290925abbd06a5c78b7250fee1cc21ca7bbab547
SHA256

b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48
SHA512

315bb61bd78f31441e4184daf6fac4cf347604c3d2da54776ffce52a893e1f3cc7484f667eeb1afe01380713749b273776c72cc9cf8bddc50b7d03bf7997d719
SSDEEP

12288:I+hod2fxvHcQhUwUSCfZBmAZgTWkUJXzh7f6H:I+hrv8Q0S2ZBX1kUJF7f6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 824	2152	regsvr32.exe	84
PID 2152 wrote to memory of 824	2152	regsvr32.exe	84
PID 2152 wrote to memory of 824	2152	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b9bf1da1f7f1393bf0cd52d114695948966cca6d96ba7ea75ef93dea869b1c48.dll
  2⤵
  PID:824