26d934b249b63c8e8a69d8c9f827de66b7b6058f70a304d9f50c53bed9815e4f

Analysis

max time kernel
92s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 07:37

Target

26d934b249b63c8e8a69d8c9f827de66b7b6058f70a304d9f50c53bed9815e4f.dll
Size

8KB
MD5

92e60c57c38efcec22a01e3770ae650f
SHA1

42983616641af4f7b83b60dc43f6ef799c0d284a
SHA256

26d934b249b63c8e8a69d8c9f827de66b7b6058f70a304d9f50c53bed9815e4f
SHA512

b5cf0ed09b1a2a9ba72cce68f96e8cda4eae6d12eda8fe272f05bcd243ecc70eef826dd40493540e5dca578bb17d5084071909f8420b42f393690b657afd49e3
SSDEEP

192:mCvGHMJmWCr2nRG4EgtCCHF/3Rsn2W2xBIUAC:mCvGHjxu041tFVRoD2P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4980 wrote to memory of 5024	4980	regsvr32.exe	81
PID 4980 wrote to memory of 5024	4980	regsvr32.exe	81
PID 4980 wrote to memory of 5024	4980	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\26d934b249b63c8e8a69d8c9f827de66b7b6058f70a304d9f50c53bed9815e4f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4980
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\26d934b249b63c8e8a69d8c9f827de66b7b6058f70a304d9f50c53bed9815e4f.dll
  2⤵
  PID:5024