88e91067b5451aaf27bd0dd78b040d926179aca988dfce71fbe285a2437c294d

Analysis

max time kernel
160s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 22:46

Target

88e91067b5451aaf27bd0dd78b040d926179aca988dfce71fbe285a2437c294d.dll
Size

214KB
MD5

c967059fdbf13e60cfc336fb28d2da21
SHA1

c6cc0d9c7c5f736f4b6b30f71407e11b03289f0a
SHA256

88e91067b5451aaf27bd0dd78b040d926179aca988dfce71fbe285a2437c294d
SHA512

89bc612d41c41a13d5f164a221939f5215a50fd6a51e2097fa98df0b07e423f9f8ec70874e4898c4f4bfb76bce3d7723bb16f3eb6afad4a4dccb28fa70015135
SSDEEP

3072:/usa86jcU4eRpsEJT+XMPTjOfqBZ/CFu1Y3+dOUX73h2gDBXNSnKALxAXM40DGgS:K7cSBjOfqzK4OOdOWDdNvAiX84

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2560 wrote to memory of 3328	2560	regsvr32.exe	78
PID 2560 wrote to memory of 3328	2560	regsvr32.exe	78
PID 2560 wrote to memory of 3328	2560	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\88e91067b5451aaf27bd0dd78b040d926179aca988dfce71fbe285a2437c294d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2560
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\88e91067b5451aaf27bd0dd78b040d926179aca988dfce71fbe285a2437c294d.dll
  2⤵
  PID:3328