64abeff06d6cccf157cd511ef61df8fad092d30f5e9188e7355a1a28a1a3c464

Analysis

max time kernel
128s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 07:52

Target

64abeff06d6cccf157cd511ef61df8fad092d30f5e9188e7355a1a28a1a3c464.dll
Size

120KB
MD5

5d40add763a26ee3f9d6675b58955e42
SHA1

6c6bbf9e49c459817b58e6d41d14a3deab5a39d8
SHA256

64abeff06d6cccf157cd511ef61df8fad092d30f5e9188e7355a1a28a1a3c464
SHA512

f3c9ed0d4c483dc0b438aeff4b8fdaab04dc9c1a049b290a5dd58bcbfcf271b2699e5e6ab1053a2c65dc0ee09825869ff8e566ca6067869d9c76f2cbc7cc8914
SSDEEP

1536:ZhqqQFDf6MmbFmWImx6Ay15WnNQYEM6ss1c0:ViDfUoDm4A5nNQ1/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3588 wrote to memory of 376	3588	regsvr32.exe	82
PID 3588 wrote to memory of 376	3588	regsvr32.exe	82
PID 3588 wrote to memory of 376	3588	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\64abeff06d6cccf157cd511ef61df8fad092d30f5e9188e7355a1a28a1a3c464.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3588
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\64abeff06d6cccf157cd511ef61df8fad092d30f5e9188e7355a1a28a1a3c464.dll
  2⤵
  PID:376