788c79d9cdcd8867446080719485102c5089225ef931a535dafa5496741ea58e

Analysis

max time kernel
134s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 20:00

Target

788c79d9cdcd8867446080719485102c5089225ef931a535dafa5496741ea58e.dll
Size

160KB
MD5

3b2347b52f9d74c3ebea3b012e1b3809
SHA1

61f8dd50d366e735423b55301a992f44f4514110
SHA256

788c79d9cdcd8867446080719485102c5089225ef931a535dafa5496741ea58e
SHA512

489b3d0ab3870bcaa6ba07d15cd590bed7036eea81beee69752d8364727db1b3a0e76bd7f7c024d335e222e6ea55625405c7dedf4da2d6ccedfc5a1d8f81827c
SSDEEP

3072:bZcHGrNrWVejKQa6PUJIjPNdaEFnupO4Ncua4+/pU7y5/aXpPBGhG:CHkrWVejKQa6PUeMEv4Nwcy9a5pQG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 4300	1852	regsvr32.exe	80
PID 1852 wrote to memory of 4300	1852	regsvr32.exe	80
PID 1852 wrote to memory of 4300	1852	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\788c79d9cdcd8867446080719485102c5089225ef931a535dafa5496741ea58e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\788c79d9cdcd8867446080719485102c5089225ef931a535dafa5496741ea58e.dll
  2⤵
  PID:4300

memory/4300-133-0x000000006D470000-0x000000006D498000-memory.dmp

Filesize
160KB

Download