3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3

Analysis

max time kernel
184s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 04:03

Target

3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3.dll
Size

120KB
MD5

3e2efb5768857bda471e704222ca70f0
SHA1

41ec9c5d00298dc5498151a5d121798d8a7e2ec0
SHA256

3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3
SHA512

afce110642735482d1ba3c580ca154c11c5cd53159a451db68857730690433cb80c9b773b3e97b908a532f5b3359fb39a065ba58393a195e304258c77b1e7b28
SSDEEP

1536:Z+qCQmOszcIoWkwKnlAlv4Jpo0WZvozv/rEpncOO6:m3OeoyH2gNsgcOL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1256 wrote to memory of 1104	1256	regsvr32.exe	78
PID 1256 wrote to memory of 1104	1256	regsvr32.exe	78
PID 1256 wrote to memory of 1104	1256	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1256
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3.dll
  2⤵
  PID:1104