7d6922f47e7be38574c5a6fa0cc1334c8dae465974f178a2d6336f68a1d36c32

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 21:01

Target

7d6922f47e7be38574c5a6fa0cc1334c8dae465974f178a2d6336f68a1d36c32.dll
Size

584KB
MD5

0d9ced8efd066ebaf49f5fb45ffd45f0
SHA1

dee20bfd3671c2dad6cc42991f349afbbcc04ab2
SHA256

7d6922f47e7be38574c5a6fa0cc1334c8dae465974f178a2d6336f68a1d36c32
SHA512

a9e729816c915c5c9e0f832c4bbd816b778fe14f60cd09271c44ddd34690b62693da5cec76995030ddaef4608bf013a7e73639a0c0197c05685bc323bb9ec4df
SSDEEP

12288:X4vBKXJ3YHXMIfdOcR5KI0Uqo6uCE27dNiTeDJg89Fh5rOe:ovB8JoHX5fdNEI0doFvxeDJrp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 4820	1932	regsvr32.exe	81
PID 1932 wrote to memory of 4820	1932	regsvr32.exe	81
PID 1932 wrote to memory of 4820	1932	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7d6922f47e7be38574c5a6fa0cc1334c8dae465974f178a2d6336f68a1d36c32.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7d6922f47e7be38574c5a6fa0cc1334c8dae465974f178a2d6336f68a1d36c32.dll
  2⤵
  PID:4820