8913a7e3c3277a5477057f49b07330b94464c489d91bbd135dbe9b67c0d3a35d

Analysis

max time kernel
136s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 01:29

Target

8913a7e3c3277a5477057f49b07330b94464c489d91bbd135dbe9b67c0d3a35d.dll
Size

128KB
MD5

eb91a52f768826b011ff85a2c6a4176f
SHA1

c86f9dcf51b78e66acc3b55c33daeaedded2f3d3
SHA256

8913a7e3c3277a5477057f49b07330b94464c489d91bbd135dbe9b67c0d3a35d
SHA512

c6a21c8ea3fd60c4d534292a54b76cdb850f1a1943247ce1c87b07344ca02f45992510bc07bd289c984fab9e1c7932525fa26eaffb23b6c1391f957ab7949ccb
SSDEEP

1536:OkUgJ+DwTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrz5:L9TOubqoNNfoT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 3060	4880	regsvr32.exe	79
PID 4880 wrote to memory of 3060	4880	regsvr32.exe	79
PID 4880 wrote to memory of 3060	4880	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8913a7e3c3277a5477057f49b07330b94464c489d91bbd135dbe9b67c0d3a35d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8913a7e3c3277a5477057f49b07330b94464c489d91bbd135dbe9b67c0d3a35d.dll
  2⤵
  PID:3060