78780d4e741182d1bdeab2a5b3e16ab45ffd9e5ea9e2dd93f0b8aae149eed175

Analysis

max time kernel
171s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 07:27

Target

78780d4e741182d1bdeab2a5b3e16ab45ffd9e5ea9e2dd93f0b8aae149eed175.dll
Size

588KB
MD5

7bd2b005bb44ce0f38591adc393f74fb
SHA1

3032ef62d23fa169ca7e46651813b63295ea2881
SHA256

78780d4e741182d1bdeab2a5b3e16ab45ffd9e5ea9e2dd93f0b8aae149eed175
SHA512

18c797c173766806eded936fbcae0ac2d0365f6001a1dfb02613025f855a72d9c8ea3ffeb0525d2d471afa1ef995e2c3ebb7155957c32d2ac915478e57078b15
SSDEEP

768:a58e3rhYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMo0/V:xNY2IGM7IZ+nVETAzFs1fo8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2088 wrote to memory of 1556	2088	regsvr32.exe	83
PID 2088 wrote to memory of 1556	2088	regsvr32.exe	83
PID 2088 wrote to memory of 1556	2088	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\78780d4e741182d1bdeab2a5b3e16ab45ffd9e5ea9e2dd93f0b8aae149eed175.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2088
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\78780d4e741182d1bdeab2a5b3e16ab45ffd9e5ea9e2dd93f0b8aae149eed175.dll
  2⤵
  PID:1556