624c51cf3661ab3a589a5fcc1890d544d6b2da926eceba79e84f62a28b4f99ea

Analysis

max time kernel
150s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 08:43

Target

624c51cf3661ab3a589a5fcc1890d544d6b2da926eceba79e84f62a28b4f99ea.dll
Size

182KB
MD5

32c004ec44e45a3e713580de0f08b200
SHA1

e14459027e650ba6bbffd28d48f94aa1697825e3
SHA256

624c51cf3661ab3a589a5fcc1890d544d6b2da926eceba79e84f62a28b4f99ea
SHA512

e76479583434a7094179597689134dc141a3000b8d763f783e0f24cbaf4812cdbd5e6694126b6ed347eb23881f70ecd19ffae63286f3392df24d417ae8d85f48
SSDEEP

3072:sGE9+ZUsENVYbxeseM/ff1kWnBHbbrMbvT0q8O1cZPzQ7IXMBc+AMP+QfQEhxFyD:K4ZIud7PdnB7wvP6bQ7yMP+DE827RCNJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 4760	1156	regsvr32.exe	79
PID 1156 wrote to memory of 4760	1156	regsvr32.exe	79
PID 1156 wrote to memory of 4760	1156	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\624c51cf3661ab3a589a5fcc1890d544d6b2da926eceba79e84f62a28b4f99ea.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\624c51cf3661ab3a589a5fcc1890d544d6b2da926eceba79e84f62a28b4f99ea.dll
  2⤵
  PID:4760

memory/4760-132-0x0000000000000000-mapping.dmp

Download
memory/4760-133-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4760-134-0x0000000002950000-0x0000000002980000-memory.dmp

Filesize
192KB

Download
memory/4760-135-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/4760-136-0x0000000002950000-0x0000000002980000-memory.dmp

Filesize
192KB

Download