fceef37ba1982efd75b449e4e9b42ba4740235e8811c711180684d502da1d6f6

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 06:45

Target

fceef37ba1982efd75b449e4e9b42ba4740235e8811c711180684d502da1d6f6.dll
Size

128KB
MD5

17bcc9eb10a468d8f13c32f9869ef3f8
SHA1

a8656ae0fc45cc4b01858576e1ab2bb606a5d3f1
SHA256

fceef37ba1982efd75b449e4e9b42ba4740235e8811c711180684d502da1d6f6
SHA512

d24362ac2aa4609677a2698126a7e3059d1eb48f01abae9f91d47fe85c0e1a558e9275d846f2eda4cca93443656a22d0ea5ab046459ee3f9bb359cf0ec6d866f
SSDEEP

1536:jUgJ+bjg2rWyvmULwsQqdnITBNQIZnCLzsLA6:j6rWyv7wc8iItCLzsLH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 1636	1768	regsvr32.exe	79
PID 1768 wrote to memory of 1636	1768	regsvr32.exe	79
PID 1768 wrote to memory of 1636	1768	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fceef37ba1982efd75b449e4e9b42ba4740235e8811c711180684d502da1d6f6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fceef37ba1982efd75b449e4e9b42ba4740235e8811c711180684d502da1d6f6.dll
  2⤵
  PID:1636

memory/1636-133-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download