79942d19d209a6e1228227ec249cd6d858fddbd5a1366fec73f144533d92f04b

Analysis

max time kernel
118s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 19:28

Target

79942d19d209a6e1228227ec249cd6d858fddbd5a1366fec73f144533d92f04b.dll
Size

172KB
MD5

4f669d80ce971f76f71e0fa7ace38830
SHA1

c5077aa7ffa5a386091efeb9a8835906df55cb57
SHA256

79942d19d209a6e1228227ec249cd6d858fddbd5a1366fec73f144533d92f04b
SHA512

1f3c1b2a2d4818af5bb9419879fe45ffd597404dedd4ca32d70c864945411d39a29cf6f0bd0b8f9a034bc39946d1fbab15a63d5491eff9a1fcc98755b2cc9dc0
SSDEEP

3072:Q6TgoneEy94+BZ3N2oG1Azjb+HucFxj9J5ZBNm0IanPkmj1BPDvOi:HMLEy3rrjSOc1PD1Zv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4820	4588	regsvr32.exe	82
PID 4588 wrote to memory of 4820	4588	regsvr32.exe	82
PID 4588 wrote to memory of 4820	4588	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\79942d19d209a6e1228227ec249cd6d858fddbd5a1366fec73f144533d92f04b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\79942d19d209a6e1228227ec249cd6d858fddbd5a1366fec73f144533d92f04b.dll
  2⤵
  PID:4820