28ed0c5aa370cf899a90613d8b6d598d4f5d896718898fbb1989cf9375fbe079

Analysis

max time kernel
89s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 03:38

Target

28ed0c5aa370cf899a90613d8b6d598d4f5d896718898fbb1989cf9375fbe079.dll
Size

31KB
MD5

7acd5eb6181b919e8f74831047987829
SHA1

0ecae8defb312d7cb662944c8a27c8d3ac1b2ae7
SHA256

28ed0c5aa370cf899a90613d8b6d598d4f5d896718898fbb1989cf9375fbe079
SHA512

217ffee23448a3a998c3e8b38ac2042dc35dfe9d83f8911b558df4a4e86cb805d1d146987e83beb008ccdb400db15000ad7366120d9afbbe3455c2b9a9791590
SSDEEP

384:+lhXmpWOFKVZOOFloE+JkgtNclgl5+JBrO+ieGsoanbVWBkc1WmKYJLsyj:sAIOehvMLtwysJseGqbebDLsyj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2240	1836	regsvr32.exe	83
PID 1836 wrote to memory of 2240	1836	regsvr32.exe	83
PID 1836 wrote to memory of 2240	1836	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\28ed0c5aa370cf899a90613d8b6d598d4f5d896718898fbb1989cf9375fbe079.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\28ed0c5aa370cf899a90613d8b6d598d4f5d896718898fbb1989cf9375fbe079.dll
  2⤵
  PID:2240