351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad

Analysis

max time kernel
111s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:14

Target

351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad.dll
Size

588KB
MD5

104ffe9cb1c8e06559120a6506465731
SHA1

6a55685be0d8317064fb341a52d02aa6a8cffab4
SHA256

351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad
SHA512

c6f1e809cb3dc99a9dd54c46487d7d55d57b6e1ee502108dd532ced8ba4eb3af6721c5f1058d9f6d6eee8dfab9782b6adb09f735a6acfcc153e852f26bacb522
SSDEEP

768:H4Rs4+D1Yi20XZ9hAVx/qtKIZ+2fJcwqVETAz4HMBbsjjRGPZMomV:esCi2iGVDIZ+nVETAzFs1foa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 3684	2692	regsvr32.exe	81
PID 2692 wrote to memory of 3684	2692	regsvr32.exe	81
PID 2692 wrote to memory of 3684	2692	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad.dll
  2⤵
  PID:3684