633b5c107be1e7ae4e415bc7eea0c4367c446b318484a6dec65a0b9066848b24

Analysis

max time kernel
171s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 03:56

Target

633b5c107be1e7ae4e415bc7eea0c4367c446b318484a6dec65a0b9066848b24.dll
Size

588KB
MD5

76135b1ca4e717926219763fded5ab32
SHA1

97ae7a50e0e1cf43bc99b2da91acea2a32302b01
SHA256

633b5c107be1e7ae4e415bc7eea0c4367c446b318484a6dec65a0b9066848b24
SHA512

c92ff5363d3f8f2dfabb8da3fbcd8a43fc05ee7b8c0be6770d71e6fd1771d738c8c09a4b41db8091247bc1d05ea4c5fd8807177f3a06d3230cfb836bad803e5f
SSDEEP

768:9lRs4+AOYY2uXZ9hAVawSStKIZ+2fJcwqVETAz4HMBbsjjRGPZMot6TCzV:5sWY2IG67IZ+nVETAzFs1fot62h

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2440	2912	regsvr32.exe	76
PID 2912 wrote to memory of 2440	2912	regsvr32.exe	76
PID 2912 wrote to memory of 2440	2912	regsvr32.exe	76

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\633b5c107be1e7ae4e415bc7eea0c4367c446b318484a6dec65a0b9066848b24.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\633b5c107be1e7ae4e415bc7eea0c4367c446b318484a6dec65a0b9066848b24.dll
  2⤵
  PID:2440