7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293

Analysis

max time kernel
151s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:25

Target

7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293.dll
Size

120KB
MD5

e8df36e9d79e7bfcb8b3de06591fd6f0
SHA1

bf780c34c016dc67b3bb106ece91d32ff00c041a
SHA256

7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293
SHA512

c626a232892315372153a94a3ec441ce8580cd4de4a07c992ef01b9ec73d8cdc9b78747a0d3a4e3cbe7186a8ea21d23aa5719feb9be88ce00afb281a8c6b0288
SSDEEP

1536:NJqCQ4dbouOW9uR1WN+I8Pov3daD5gJuy:l/dbFgvG+vov3dMg9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 4404	2264	regsvr32.exe	78
PID 2264 wrote to memory of 4404	2264	regsvr32.exe	78
PID 2264 wrote to memory of 4404	2264	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293.dll
  2⤵
  PID:4404