3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 14:33

Target

3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156.dll
Size

588KB
MD5

04c99da29c47f523e590e22c207263c7
SHA1

1d44023e807063d710d6085c0a89978b1259cc78
SHA256

3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156
SHA512

4026b4efcc09200a9dafec6007eaaf8616609cc6b62306b601409736dcbcdbb6aa6a6497d388d15a8806a91f4e77ff563c08c2bf92988163d8d0fa28031aa7af
SSDEEP

768:Xu8eQu4b2/XZNxAVIkSi2TkKPR2fJcw61UTzS4HMwXYRRGPZMoTiR5:Hpb2/GGi2npX1UTzSIoXfoTm5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 1664	5104	regsvr32.exe	80
PID 5104 wrote to memory of 1664	5104	regsvr32.exe	80
PID 5104 wrote to memory of 1664	5104	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156.dll
  2⤵
  PID:1664