6a441734b34cdee31a01164140b0c88966fbb4358dcb63a14ae6824f09e9476f

Resubmissions

02/10/2022, 18:19

02/10/2022, 18:03

max time kernel
149s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 18:19

Target

6a441734b34cdee31a01164140b0c88966fbb4358dcb63a14ae6824f09e9476f.dll
Size

768KB
MD5

685a38092179c2e5602c06faba7287e6
SHA1

986f69a43e0bf174f73139785ec8f969acf5aa55
SHA256

6a441734b34cdee31a01164140b0c88966fbb4358dcb63a14ae6824f09e9476f
SHA512

1781d2e6dc467102f4df2d0c44ccffc40024482a50b2c9bc0b43ef58355d5baef431ab8011a21963ae9864676726f7a930e1f8cd4c21fd5ec4209586454c68ac
SSDEEP

12288:EPdF891nFoMWTbeuTDQg993x/f5NAgt2TBvU8iuLZCmcg1psp:EfntRbrae7mS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 4820	4624	regsvr32.exe	83
PID 4624 wrote to memory of 4820	4624	regsvr32.exe	83
PID 4624 wrote to memory of 4820	4624	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6a441734b34cdee31a01164140b0c88966fbb4358dcb63a14ae6824f09e9476f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6a441734b34cdee31a01164140b0c88966fbb4358dcb63a14ae6824f09e9476f.dll
  2⤵
  PID:4820

memory/4820-133-0x0000000000D90000-0x0000000000DCF000-memory.dmp

Filesize
252KB

Download
memory/4820-139-0x0000000000D90000-0x0000000000DCF000-memory.dmp

Filesize
252KB

Download