fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077

Analysis

max time kernel
111s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2022, 04:34

Target

fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077.dll
Size

120KB
MD5

75a288f2a374cd852090b816659c0c40
SHA1

45f3548fdae9907d21be9b3e369958920257f76e
SHA256

fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077
SHA512

3a2f3196b5c11a991e38adb7c3ad1e64dbd653559286a8d98611c18a8bbfcbc5e9b87c15252f16184e3764f27f8d75735e85743954b60632c4dc24ca1f4b9f18
SSDEEP

1536:ZhzGqSQGQ1ADAfRAFMFnc5ZpL/sxUo0qvvW4D3Ij:vQfQ19Rtmpb8U/+vW4D3c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 1900	2184	regsvr32.exe	82
PID 2184 wrote to memory of 1900	2184	regsvr32.exe	82
PID 2184 wrote to memory of 1900	2184	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077.dll
  2⤵
  PID:1900

memory/1900-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1900-134-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download