1b272ff4f2dd872c321d232e02cc0666fbb1b72ae1e10c82027d3d2ba9a3221d

Analysis

max time kernel
166s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 17:11

Target

1b272ff4f2dd872c321d232e02cc0666fbb1b72ae1e10c82027d3d2ba9a3221d.dll
Size

120KB
MD5

6f4e3549f3dccc4ffea52ccd54e8607f
SHA1

618f962d83a017c7c22ccef84c10bca4bbe4cf6e
SHA256

1b272ff4f2dd872c321d232e02cc0666fbb1b72ae1e10c82027d3d2ba9a3221d
SHA512

5dfbabb697bdb6437678ded14f645d2db4e464fc58f54ab35ed1125d722b90e68615ff3e54edf90817bbb420885ab435b52b2da8fd491050764da99ed71a672f
SSDEEP

768:4ypq2QGrIi97ES6OG9rMXuzXExOvGKeRNuHBrVT8MMFSY44js5H1WTJpJoaldcb:vpq2QnUd6MaExIeyH3gOYBjK4Jpib

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2580 wrote to memory of 5112	2580	regsvr32.exe	82
PID 2580 wrote to memory of 5112	2580	regsvr32.exe	82
PID 2580 wrote to memory of 5112	2580	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1b272ff4f2dd872c321d232e02cc0666fbb1b72ae1e10c82027d3d2ba9a3221d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2580
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1b272ff4f2dd872c321d232e02cc0666fbb1b72ae1e10c82027d3d2ba9a3221d.dll
  2⤵
  PID:5112