296daaa30613346c0d25eb324f3e2aefa14eff947d6914cf2c930fdf017dc269

Analysis

max time kernel
61s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:10

Target

296daaa30613346c0d25eb324f3e2aefa14eff947d6914cf2c930fdf017dc269.dll
Size

120KB
MD5

728846c7ac65acbca6f64b94ff8ba0a0
SHA1

c70bd0da6523f46e1a412de334be93289cc8af7b
SHA256

296daaa30613346c0d25eb324f3e2aefa14eff947d6914cf2c930fdf017dc269
SHA512

e24d2079bf85cbaefe181c0333ea3a937890fe715cf5e35ec0f1daedecc681863013079e4f0ef1e9055534ad2590c9d613938f09f7627371c4cd5772ce567d40
SSDEEP

1536:+Vq0QBiiT9uCS2TWCZ1R7Nu+RMV+0jcfNIFDIMChz:U2iisCSd7+RMV+0jcfNmCl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 2204	3108	regsvr32.exe	82
PID 3108 wrote to memory of 2204	3108	regsvr32.exe	82
PID 3108 wrote to memory of 2204	3108	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\296daaa30613346c0d25eb324f3e2aefa14eff947d6914cf2c930fdf017dc269.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\296daaa30613346c0d25eb324f3e2aefa14eff947d6914cf2c930fdf017dc269.dll
  2⤵
  PID:2204