c04a14c8d385112120c2035a3a510d8bc9bdacb1d6569155717aa332f127ab79

Analysis

max time kernel
122s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 17:25

Target

c04a14c8d385112120c2035a3a510d8bc9bdacb1d6569155717aa332f127ab79.dll
Size

170KB
MD5

718bfd5bd8da7df60adc7b5c61b65d8f
SHA1

4ecf606c945b1d7213e1f8cbbbeb7f96e9119e25
SHA256

c04a14c8d385112120c2035a3a510d8bc9bdacb1d6569155717aa332f127ab79
SHA512

3b23c908740def505e5573950d97ce724134712b4c4c184bad875894bd47625d4b71c2c2195790c274bc078f88c61c932757a8d8026ef6fff09d479b788d4ca8
SSDEEP

3072:NnfAD6vrCowDuO6gcvPo1ZnH2X3fQBIQOQbVb4uk4:BAD6vOowD7SoHH2X3fQBDd2uk4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1804	2016	regsvr32.exe	81
PID 2016 wrote to memory of 1804	2016	regsvr32.exe	81
PID 2016 wrote to memory of 1804	2016	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c04a14c8d385112120c2035a3a510d8bc9bdacb1d6569155717aa332f127ab79.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c04a14c8d385112120c2035a3a510d8bc9bdacb1d6569155717aa332f127ab79.dll
  2⤵
  PID:1804