3ce604834de0019f2e42506298d0dd3524789d4479d7f844111eebde5e1cfe20

Analysis

max time kernel
88s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 05:00

Target

3ce604834de0019f2e42506298d0dd3524789d4479d7f844111eebde5e1cfe20.dll
Size

588KB
MD5

32e7ec2b9087e2b8ec0b4a3223cf64e0
SHA1

b93c781657fb8e960b4f1b1c6db1aeaa1b87cb48
SHA256

3ce604834de0019f2e42506298d0dd3524789d4479d7f844111eebde5e1cfe20
SHA512

e02a40dd5f8a4babbf67a8b2ecf0c3c0d34fd54dfea1ef817064a9a08b29a215686b5ce6f5c6763a59e39f31e2d9531f0a9df87aac04326c6b0ec5433bf85cc7
SSDEEP

768:bZ8erT4b2/XZNxAVI4cs0TkKPR2fJcw61UTzS4HMwXYRRGPZMorIiR5:OPb2/G8s0npX1UTzSIoXforIm5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1140	1720	regsvr32.exe	83
PID 1720 wrote to memory of 1140	1720	regsvr32.exe	83
PID 1720 wrote to memory of 1140	1720	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3ce604834de0019f2e42506298d0dd3524789d4479d7f844111eebde5e1cfe20.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3ce604834de0019f2e42506298d0dd3524789d4479d7f844111eebde5e1cfe20.dll
  2⤵
  PID:1140