8d313a02331cbd2bcf58ce4c606f9e5973a61b6d9cad65ab52c3428d05d97971

Analysis

max time kernel
41s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 01:35

Target

8d313a02331cbd2bcf58ce4c606f9e5973a61b6d9cad65ab52c3428d05d97971.dll
Size

588KB
MD5

8ebf2d53ec8aec819943e31e6ca6db4a
SHA1

cf9fb33e6e20fc134fd16d5ee72a8970c610c017
SHA256

8d313a02331cbd2bcf58ce4c606f9e5973a61b6d9cad65ab52c3428d05d97971
SHA512

665368c4a104b35e84cd04c5bbd768d8be03f3b9b02251acfbc29485d39b0710578bf172b9fdc282458d3ed4e94a1d096b545aefabb6d5b8388c70dca42b395c
SSDEEP

768:wS8e8HYY2uXZ9hAVawuStKIZ+2fJcwqVETAz4HMBbsjjRGPZMotpV:qoY2IGe7IZ+nVETAzFs1fot3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3144	4572	regsvr32.exe	76
PID 4572 wrote to memory of 3144	4572	regsvr32.exe	76
PID 4572 wrote to memory of 3144	4572	regsvr32.exe	76

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8d313a02331cbd2bcf58ce4c606f9e5973a61b6d9cad65ab52c3428d05d97971.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8d313a02331cbd2bcf58ce4c606f9e5973a61b6d9cad65ab52c3428d05d97971.dll
  2⤵
  PID:3144