256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d

Analysis

max time kernel
170s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:09

Target

256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
Size

588KB
MD5

694e1aaf95998636f98392c303114b90
SHA1

3ec74379035c9a55b277f989e35e928b25707954
SHA256

256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d
SHA512

8d3fd1a7692db50a492f6a7e0a6d7362877c311bacf1718a3c45cd72d8df5a0dfe54c4640571536066cc66824b93b68e63bf82a4f50a71053e9e93d1acc1916c
SSDEEP

768:h58e3riYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMo2/V:U+Y2IGM7IZ+nVETAzFs1foC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 1704	1580	regsvr32.exe	83
PID 1580 wrote to memory of 1704	1580	regsvr32.exe	83
PID 1580 wrote to memory of 1704	1580	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
  2⤵
  PID:1704