f852b81675ccfcdcb87d9d7947a7078984a01b3ec611fe38e649b691b3f3e07d

Analysis

max time kernel
139s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 02:39

Target

f852b81675ccfcdcb87d9d7947a7078984a01b3ec611fe38e649b691b3f3e07d.dll
Size

880KB
MD5

6f7b4cdd6e90402d64b16920206bd8b1
SHA1

4b386014ed7c95a21cf2cc7131ef825e4492be79
SHA256

f852b81675ccfcdcb87d9d7947a7078984a01b3ec611fe38e649b691b3f3e07d
SHA512

2b574252b7c98878b5c977883d09fe6402af61e8aad1c0759063e03f262da383430753dcd6c2ced027914be20858f560f1a0813d42c10c990690cfc0dba8fd66
SSDEEP

12288:DRr6zwz/UI7oAlDjyYq5hR9KutiO6DPI/TIoZc2XFBbj:DRuzwz/1Ts5x8O6DPsTlhX

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\KERNEL32.DLL	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 3536	2204	regsvr32.exe	79
PID 2204 wrote to memory of 3536	2204	regsvr32.exe	79
PID 2204 wrote to memory of 3536	2204	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f852b81675ccfcdcb87d9d7947a7078984a01b3ec611fe38e649b691b3f3e07d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f852b81675ccfcdcb87d9d7947a7078984a01b3ec611fe38e649b691b3f3e07d.dll
  2⤵
  - Drops file in System32 directory
  PID:3536