e300ab42e06709c85f3c650d5dde02743ecae4f6947b6b008fbbbf50886bd571

Analysis

max time kernel
134s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 17:06

Target

e300ab42e06709c85f3c650d5dde02743ecae4f6947b6b008fbbbf50886bd571.dll
Size

368KB
MD5

aed5fdaa690f8ea383e196ad5b757e4e
SHA1

a64b8f8d81f9c8b05565c67bfd4e2484f08d3674
SHA256

e300ab42e06709c85f3c650d5dde02743ecae4f6947b6b008fbbbf50886bd571
SHA512

4ec448981a6022674451429925aaf7f4726efbf849cd3f3ef7633355296ba6f7a1b63e6df67e67778259b77cf1e3ae79e9ad20299abf2ead526350afaff38a2a
SSDEEP

3072:zMoj13v+BywNrU1X8GhyPC+7pwo/gPYNx6kd+hULmhHt7bOyEoSOz4htCxVh7qy:TgywNSnyPC+7pwo4oJEeLmHt7BGy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 3188	4216	regsvr32.exe	80
PID 4216 wrote to memory of 3188	4216	regsvr32.exe	80
PID 4216 wrote to memory of 3188	4216	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e300ab42e06709c85f3c650d5dde02743ecae4f6947b6b008fbbbf50886bd571.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e300ab42e06709c85f3c650d5dde02743ecae4f6947b6b008fbbbf50886bd571.dll
  2⤵
  PID:3188