83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 06:43

Target

83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00.dll
Size

588KB
MD5

87917adedd4c73c10344e2fd24dfcbd9
SHA1

2b31a90668e3bdac73073f40221946b081219fd8
SHA256

83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00
SHA512

c3051a3ba515f10a6bd83faf53b0e05160b54deba7d6ab32139aea00c19a2ae5b2d8a23ae5bb83c38325b5e02f0d91b0b4fd92e7354a3ed00903ac12693741bb
SSDEEP

768:xAIaUI1Lq0Wjckr0T2d2hXZq/oCT6Uv2h3PNnVftA2oT4qVx4nX9iAVRGPZMoZzk:iBUgJ+DITC2tO2UOJN82oT4qoN5Tfoo/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 5048	1268	regsvr32.exe	83
PID 1268 wrote to memory of 5048	1268	regsvr32.exe	83
PID 1268 wrote to memory of 5048	1268	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00.dll
  2⤵
  PID:5048

memory/5048-133-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download
memory/5048-134-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download