582938a9f3936f806c39877fc65128340006b8d998af7aeb70d8a11c0a6a4bec

Analysis

max time kernel
136s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 11:06

Target

582938a9f3936f806c39877fc65128340006b8d998af7aeb70d8a11c0a6a4bec.dll
Size

120KB
MD5

6e761f53d8f8524897024a222ae40155
SHA1

e799e0d24846bc38a459e3f18d028869b6bbabc4
SHA256

582938a9f3936f806c39877fc65128340006b8d998af7aeb70d8a11c0a6a4bec
SHA512

5d32995ab48ab106a96a20d75a788b1bd415d94d7ab5c0d6a9ca618c3d1665e9b52bc173773ccc9ab47840039970989be951c046a2db32b6722afbc58381dccd
SSDEEP

1536:+Vq0QBiiT9uCS2TWCZ1R7Nu+RMV+0jcfNIFDIMChH:U2iisCSd7+RMV+0jcfNmCZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1316 wrote to memory of 4860	1316	regsvr32.exe	83
PID 1316 wrote to memory of 4860	1316	regsvr32.exe	83
PID 1316 wrote to memory of 4860	1316	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\582938a9f3936f806c39877fc65128340006b8d998af7aeb70d8a11c0a6a4bec.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1316
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\582938a9f3936f806c39877fc65128340006b8d998af7aeb70d8a11c0a6a4bec.dll
  2⤵
  PID:4860