8834df7ce9d7eb9bd13d392213b2484d3ee736f6ca0303b92d09db1ee9a2eb64

Analysis

max time kernel
178s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 21:42

Target

8834df7ce9d7eb9bd13d392213b2484d3ee736f6ca0303b92d09db1ee9a2eb64.dll
Size

428KB
MD5

4a7a3b30e4d3f65e4298731dc6756e48
SHA1

cc3f774663c045f5c9ec01508c48d08dee39f226
SHA256

8834df7ce9d7eb9bd13d392213b2484d3ee736f6ca0303b92d09db1ee9a2eb64
SHA512

7098c00a976427121e752fc3347337a16c1fd01a2a8c33a4bf327b82698235acadd4cc005fe902659f6980b1d7ff2023ed8ddd1635f5e65ad12f84a3262d51af
SSDEEP

3072:KjSxV1ey4ihInWNrMQyNwDOpLXnbjEi9oG/XCaYfRz1Unzz+R2p2Dw9KRut8j6BE:KUIjzvCXfR5UnAZBlqBOsgT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 4628	1328	regsvr32.exe	79
PID 1328 wrote to memory of 4628	1328	regsvr32.exe	79
PID 1328 wrote to memory of 4628	1328	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8834df7ce9d7eb9bd13d392213b2484d3ee736f6ca0303b92d09db1ee9a2eb64.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8834df7ce9d7eb9bd13d392213b2484d3ee736f6ca0303b92d09db1ee9a2eb64.dll
  2⤵
  PID:4628