bb96b4e90fc2f4cc7650b6efa650648c5e614199c4c7c5df55647cd0fb385134

Analysis

max time kernel
149s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 05:10

Target

bb96b4e90fc2f4cc7650b6efa650648c5e614199c4c7c5df55647cd0fb385134.dll
Size

20KB
MD5

091d69609551f46f703dc1c4565e4c79
SHA1

72414b02dc39fa445744867ce4b56447a99d779f
SHA256

bb96b4e90fc2f4cc7650b6efa650648c5e614199c4c7c5df55647cd0fb385134
SHA512

6cf11ee9ef468e50a3f94f47504ae5e4a194259d1287e01e3404d248c9e1cccc53dba19eaf54ff96edcc204e5d08bcb58b7717ea4d1cdac1d4caeb7949504991
SSDEEP

384:4+WWTEcWgo1j6oGrC8NkIQPMyG+9lIvgkRUKmYB5oLrRYJIjnQohRIB7:41jJDL8NkNP6+9lIgKm7LtOynpS7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 1392	2064	regsvr32.exe	80
PID 2064 wrote to memory of 1392	2064	regsvr32.exe	80
PID 2064 wrote to memory of 1392	2064	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bb96b4e90fc2f4cc7650b6efa650648c5e614199c4c7c5df55647cd0fb385134.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bb96b4e90fc2f4cc7650b6efa650648c5e614199c4c7c5df55647cd0fb385134.dll
  2⤵
  PID:1392