762fafd1e50fb2cb78d716a5ccfe16d189ecba6102357b2cb2ec42e00a450f5b

Analysis

max time kernel
143s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 03:04

Target

762fafd1e50fb2cb78d716a5ccfe16d189ecba6102357b2cb2ec42e00a450f5b.dll
Size

588KB
MD5

c0dc9cb844a5cc70f17630b866b93065
SHA1

233bd80b3a999990a06457fdfc41f77d2d6f91a2
SHA256

762fafd1e50fb2cb78d716a5ccfe16d189ecba6102357b2cb2ec42e00a450f5b
SHA512

90c0a1c3d43d411bf7b16287e380a5524bc0fe9c6e5aa8c0eb0493fc3f31cee149f761d1ca83f098baf1b5014bb347c83a02c70420f20a9a310875c1a1a66a57
SSDEEP

768:J58e3rKYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoq/V:8yY2IGM7IZ+nVETAzFs1fou

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 1044	3992	regsvr32.exe	80
PID 3992 wrote to memory of 1044	3992	regsvr32.exe	80
PID 3992 wrote to memory of 1044	3992	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\762fafd1e50fb2cb78d716a5ccfe16d189ecba6102357b2cb2ec42e00a450f5b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\762fafd1e50fb2cb78d716a5ccfe16d189ecba6102357b2cb2ec42e00a450f5b.dll
  2⤵
  PID:1044

memory/1044-133-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download