1f96a826be0b30e3634cd068bd111e22fd1d63ff8a28611c54a458a85d698642

Analysis

max time kernel
158s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:38

Target

1f96a826be0b30e3634cd068bd111e22fd1d63ff8a28611c54a458a85d698642.dll
Size

908KB
MD5

43eb9e7cdd1c6fd48cc742a7c85f58b0
SHA1

663ca2ac1c06c37e29af409b01817f7db98323ce
SHA256

1f96a826be0b30e3634cd068bd111e22fd1d63ff8a28611c54a458a85d698642
SHA512

4d6503e0a3fe3d57d7fc0201297cfd6a67689f8b3c1cce5be6af791ae159675ccc28227f6af863fb1d7cdc60a986fbaa780bbcf94922d4afee5bfe1d37313b14
SSDEEP

12288:QSx/p71Ol1al7FxuPbtYgBZR0+QUry8zcZvM7T4oYRx0dBCEWXR:Px1oaoZBaUry8zcZvgT18ydBC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 4132	4296	regsvr32.exe	84
PID 4296 wrote to memory of 4132	4296	regsvr32.exe	84
PID 4296 wrote to memory of 4132	4296	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1f96a826be0b30e3634cd068bd111e22fd1d63ff8a28611c54a458a85d698642.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4296
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1f96a826be0b30e3634cd068bd111e22fd1d63ff8a28611c54a458a85d698642.dll
  2⤵
  PID:4132