44b352e413cb2fba7b9dccd04341830f54287f197124130b835f889c78e9d244

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:16

Target

44b352e413cb2fba7b9dccd04341830f54287f197124130b835f889c78e9d244.dll
Size

128KB
MD5

fdb42a4f60c8452fddf696f7642420b0
SHA1

79e6b521d6357c231bb80969c675318d2db605ea
SHA256

44b352e413cb2fba7b9dccd04341830f54287f197124130b835f889c78e9d244
SHA512

96868c03ecab8d5922069d07431ccdc8d2f543b2b39f91839cee440d6445adc8d897b28f48d7a4c0113083e40ac08bb155c1ef2712e0e4e91a8b1d8f10d09ca1
SSDEEP

1536:3mqvQVHXWRXjWm5YO6w9E3hy3FVhtoueZIbBz:N03WJjNuw9oo3F/CueZU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3796	4512	regsvr32.exe	78
PID 4512 wrote to memory of 3796	4512	regsvr32.exe	78
PID 4512 wrote to memory of 3796	4512	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\44b352e413cb2fba7b9dccd04341830f54287f197124130b835f889c78e9d244.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\44b352e413cb2fba7b9dccd04341830f54287f197124130b835f889c78e9d244.dll
  2⤵
  PID:3796

memory/3796-133-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download