bce7c7357875cae2135c0679c09de03c2c8845ad220b1b984c5b229350f872cc

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2022 22:03

Target

bce7c7357875cae2135c0679c09de03c2c8845ad220b1b984c5b229350f872cc.dll
Size

2.0MB
MD5

628c635ec2f832dc647b70976dd37323
SHA1

1c24f27b63a6abf49453a639764f1a286f0de930
SHA256

bce7c7357875cae2135c0679c09de03c2c8845ad220b1b984c5b229350f872cc
SHA512

02041831c102f417705e1fc44882738b32d62bd97b1733a4533ef3aa089ef552b6747ce2b472d583dacff519a8623ced3341c034fe10bd4d4239af69f5306bdf
SSDEEP

49152:QgAWAvPmG6pAWAvPmG6pAWAvPmG6pAWAvPmG6SM3hJN5Si:QdBHcCBHcCBHcCBHcSM3hv5S

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 992	1516	regsvr32.exe	81
PID 1516 wrote to memory of 992	1516	regsvr32.exe	81
PID 1516 wrote to memory of 992	1516	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bce7c7357875cae2135c0679c09de03c2c8845ad220b1b984c5b229350f872cc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bce7c7357875cae2135c0679c09de03c2c8845ad220b1b984c5b229350f872cc.dll
  2⤵
  PID:992

memory/992-132-0x0000000000000000-mapping.dmp

Download
memory/992-133-0x00000000020D0000-0x00000000022CB000-memory.dmp

Filesize
2.0MB

Download