33ded5bbef7bcb8b7b65e4ab45cb5e9116dd35a1c8744a6d175bd3fbb0ede010

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 13:44

Target

33ded5bbef7bcb8b7b65e4ab45cb5e9116dd35a1c8744a6d175bd3fbb0ede010.dll
Size

128KB
MD5

066e2f1fd39af72f33943733384f6d70
SHA1

58cf3e679f0b8736b1f593725ac8800ebed7642b
SHA256

33ded5bbef7bcb8b7b65e4ab45cb5e9116dd35a1c8744a6d175bd3fbb0ede010
SHA512

749e5cfc1ee82559c0297f1249590b29c99adb77c5c84fa7dd33bd66bfc7a7dc06cf78d9c442df32e9afd96c4dd39a4d9b421d1c1ea1425f35107b74ed5a2a75
SSDEEP

1536:S1fRREo2LeVhdJpzmqiboaDLhYETtyGqgo+XosGZxFmu1k6:SZEDeVhvpzRoqHGDo+XosGZxUu1k6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 3180	3488	regsvr32.exe	82
PID 3488 wrote to memory of 3180	3488	regsvr32.exe	82
PID 3488 wrote to memory of 3180	3488	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\33ded5bbef7bcb8b7b65e4ab45cb5e9116dd35a1c8744a6d175bd3fbb0ede010.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\33ded5bbef7bcb8b7b65e4ab45cb5e9116dd35a1c8744a6d175bd3fbb0ede010.dll
  2⤵
  PID:3180