73fd7252b9fc444d856c989fe40cdc97623c5474ba456e5741cc9940e32bb65d

Analysis

max time kernel
167s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 20:17

Target

73fd7252b9fc444d856c989fe40cdc97623c5474ba456e5741cc9940e32bb65d.dll
Size

120KB
MD5

3cef6082dc055f2b75b8988c99038bf0
SHA1

88abc1d7926c4c68c2a46ddcb4c9169398d841d8
SHA256

73fd7252b9fc444d856c989fe40cdc97623c5474ba456e5741cc9940e32bb65d
SHA512

c705583ba9b16c93c89dc1135b6db2ea3dee5c34af993cd9c2454422f0d362e196edf9cc82fad77c59cb19cc9a6245705276bdb2a12d3ddf634c2802dd20db7d
SSDEEP

768:nlyWq7Qm13u0lhgiZmdpmgHNbwqDpGfjmz5M9Zy9oFnFWKal2P826NqEYeP7pqx:EWq7QGDDqtbxGbu6W9oFnF9kKcUEY6c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 776	3856	regsvr32.exe	82
PID 3856 wrote to memory of 776	3856	regsvr32.exe	82
PID 3856 wrote to memory of 776	3856	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73fd7252b9fc444d856c989fe40cdc97623c5474ba456e5741cc9940e32bb65d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\73fd7252b9fc444d856c989fe40cdc97623c5474ba456e5741cc9940e32bb65d.dll
  2⤵
  PID:776

memory/776-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download