8830e12cfe2a272a2eaf761ce9f83bc06bbe25027e86919ff28def7198a15324

Analysis

max time kernel
149s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 14:55

Target

8830e12cfe2a272a2eaf761ce9f83bc06bbe25027e86919ff28def7198a15324.dll
Size

31KB
MD5

11c089b949092c7859fb579d1df2f8a0
SHA1

2123441f3f1f0f2e435066ca5a8cac9e1567aea4
SHA256

8830e12cfe2a272a2eaf761ce9f83bc06bbe25027e86919ff28def7198a15324
SHA512

e713133ecbbe2bd52ace2a9c1d96547a0ddf7a27defa65f3109f6c3c063504f8d640ec0756744569ae7bd5ac391bbbe36a1edc1407541c2f8a5de1d0e95adb46
SSDEEP

384:+uhXmpWOFKVZOOFloE+JkgtNclgl5+JBrO+ieGsoanEVWBkc1WmKYJLTi:XAIOehvMLtwysJseGqEeHDLTi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 332	2972	regsvr32.exe	81
PID 2972 wrote to memory of 332	2972	regsvr32.exe	81
PID 2972 wrote to memory of 332	2972	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8830e12cfe2a272a2eaf761ce9f83bc06bbe25027e86919ff28def7198a15324.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8830e12cfe2a272a2eaf761ce9f83bc06bbe25027e86919ff28def7198a15324.dll
  2⤵
  PID:332