2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34

Analysis

max time kernel
179s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 03:29

Target

2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34.dll
Size

636KB
MD5

801f5d4cbabe46f43beb87cb353cb2f7
SHA1

aa4b98336e110aea1d4fb07d1cfecc3870da3035
SHA256

2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34
SHA512

e5877f393fc3ff2c85cf7aadac2bc9bb381299d99bd488c3624a63bb04041b8b02f127439cd337f8b64b668bc395523d50f7d25b29c7b703a6742272d67e1bd8
SSDEEP

12288:jHztGB6l9ia4Lv68yoaaPu5vb+YF/zYwrwof8i:jJGwl9ia4Lv68yoaam5vb+u/zlUK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4996	4972	regsvr32.exe	84
PID 4972 wrote to memory of 4996	4972	regsvr32.exe	84
PID 4972 wrote to memory of 4996	4972	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34.dll
  2⤵
  PID:4996