b8e154ccd5fc9a2ddf733880d5f95fe8f793ebc68616767d2dd8252a257b6e19

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 05:09

Target

b8e154ccd5fc9a2ddf733880d5f95fe8f793ebc68616767d2dd8252a257b6e19.dll
Size

19KB
MD5

0855e17ff5216d68ddfe9754f53e8bf0
SHA1

f1a01cfc1f0c06909ad29b6f2f378c40cff5b587
SHA256

b8e154ccd5fc9a2ddf733880d5f95fe8f793ebc68616767d2dd8252a257b6e19
SHA512

1c5097ba4b9b820742bd717ad8ae5b0fdd4ecd5eaf07af1e99f0061fc96362542ef634ba38d3079842c35aa2ab5dc3fe313ca4fc2af623684a7994ee9ea0d368
SSDEEP

384:9WWTEcW2Bvlm7WtuHbJ5L6jH9HHZ+0DZoeabxmDb/c/j9dHO9KUb7OF:SyKWtuHPeNnZoeAm3/wrUbKF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 1044	4760	regsvr32.exe	79
PID 4760 wrote to memory of 1044	4760	regsvr32.exe	79
PID 4760 wrote to memory of 1044	4760	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b8e154ccd5fc9a2ddf733880d5f95fe8f793ebc68616767d2dd8252a257b6e19.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b8e154ccd5fc9a2ddf733880d5f95fe8f793ebc68616767d2dd8252a257b6e19.dll
  2⤵
  PID:1044