6124033fb0ddf5e242de9fb231e7772df0e584ebeb4c94074b9dc18fe3dd4b74

Analysis

max time kernel
145s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 12:15

Target

6124033fb0ddf5e242de9fb231e7772df0e584ebeb4c94074b9dc18fe3dd4b74.dll
Size

280KB
MD5

4dd1f8381f4bcf743d15ef1c7b44faee
SHA1

fb08e90f70458e2548203b45ee7218f5067765ea
SHA256

6124033fb0ddf5e242de9fb231e7772df0e584ebeb4c94074b9dc18fe3dd4b74
SHA512

165c89eb4c21bd240e4b9bc7753a99af04a3910d591315b10b1bec13cd9dd2a825d348ea2f3182dcb95a4b89fbe74c9aa2ac6daf5b2ff164e29e55493abaec0a
SSDEEP

6144:ZqKtWPg0q683f085Z41k4HDLQ3alhOa6J9wnMsPwD2THxIeM4KLJZq/8l4N97s:ZhtWfv/OhsPwDss4K94y4o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 4880	4840	regsvr32.exe	81
PID 4840 wrote to memory of 4880	4840	regsvr32.exe	81
PID 4840 wrote to memory of 4880	4840	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6124033fb0ddf5e242de9fb231e7772df0e584ebeb4c94074b9dc18fe3dd4b74.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4840
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6124033fb0ddf5e242de9fb231e7772df0e584ebeb4c94074b9dc18fe3dd4b74.dll
  2⤵
  PID:4880