8a0689f216d1e385e172bbced70dd355f90046fa983dd8d38d39612eea3441e2

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 01:49

Target

8a0689f216d1e385e172bbced70dd355f90046fa983dd8d38d39612eea3441e2.dll
Size

588KB
MD5

48d1a68bbf4df9e0da91782c538da0a0
SHA1

6879a6cf8af02101f749fdf901f56e36676554fe
SHA256

8a0689f216d1e385e172bbced70dd355f90046fa983dd8d38d39612eea3441e2
SHA512

9a27d9223ea11d132c366637595ffcf61a411c2ddc6b61b5825221705b19274fb3061af057bdc1924a57e3e169cb0e50b9d12c71cceacd3f12ffe331d96e0cdb
SSDEEP

768:QS8e83YY2uXZ9hAVawuStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoJpV:K4Y2IGe7IZ+nVETAzFs1foJ3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 2836	4956	regsvr32.exe	81
PID 4956 wrote to memory of 2836	4956	regsvr32.exe	81
PID 4956 wrote to memory of 2836	4956	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8a0689f216d1e385e172bbced70dd355f90046fa983dd8d38d39612eea3441e2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8a0689f216d1e385e172bbced70dd355f90046fa983dd8d38d39612eea3441e2.dll
  2⤵
  PID:2836