827a2e7322fbdf48ca8a5df7405649a5415d9d99ad351e821c647babcc398f59

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 12:54

Target

827a2e7322fbdf48ca8a5df7405649a5415d9d99ad351e821c647babcc398f59.dll
Size

664KB
MD5

e6699a9f8b53d5613231e8302de54324
SHA1

07c0a189c6c5d0b3ba670cd77788276438a936a3
SHA256

827a2e7322fbdf48ca8a5df7405649a5415d9d99ad351e821c647babcc398f59
SHA512

2fad42a043c3cb920136f54cb5c9fdd0224cbdf2cd682f15d54ed91affadf018046e5cc7555c7c0be9f8a6913e9e38b710575404727ddc2bbfbc9b6075f84fc0
SSDEEP

12288:2si5g4y9f2QPRmxiDozjLst4kY/P5+YuaVaYlIALrDbzeZ5ea4HMD:2mxFT4jP5+titlJrDWx4m

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 2872	3796	regsvr32.exe	80
PID 3796 wrote to memory of 2872	3796	regsvr32.exe	80
PID 3796 wrote to memory of 2872	3796	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\827a2e7322fbdf48ca8a5df7405649a5415d9d99ad351e821c647babcc398f59.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\827a2e7322fbdf48ca8a5df7405649a5415d9d99ad351e821c647babcc398f59.dll
  2⤵
  PID:2872