bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758

Analysis

max time kernel
151s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 04:02

Target

bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
Size

19KB
MD5

1318055f8a37e8c1682e5bb9e4622ae6
SHA1

2691e960a1f1cb60ff762ba315315d87f4193f43
SHA256

bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758
SHA512

5ad7f9e760eae65ae764bd951f95eb401959f446e78bd5d59c17fad5843115b5a6f61d73370c22e651f0206b5c4cefdace6b2f5ebecd01bedfc34813c6375e5a
SSDEEP

384:cWWTEcWjd55SolrDwjWU/mCNn49TkRBLoObb66Ij9TfnD:3Zros4WUdy9TOLeTr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4584	396	regsvr32.exe	80
PID 396 wrote to memory of 4584	396	regsvr32.exe	80
PID 396 wrote to memory of 4584	396	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bacae364846c0e87e5a17c4d1d00fdda5cdc37ba6fd6f99758cdde9c9b60d758.dll
  2⤵
  PID:4584

memory/4584-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download