e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:38

Target

e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00.dll
Size

39KB
MD5

04fd50fd6ce950e21b9642a4d1d8eb68
SHA1

1eaf88908ac0daf8fdec336cb74aec9a4d35034a
SHA256

e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00
SHA512

319d5f3fcf1cfbb942e4dbf325362444d07791b4fe26ce8f5bfaeffd215cbedf3682b1d6d60863761742c3fe88350fd370d7154b6b7065243af72106021d294c
SSDEEP

384:HB+zaELyiVy8h19dMPFJgwEqIHPh9OTmY+H9ybdH01EPlrTfjM7cf+we4F+EqRdx:K88h1zM3gwErYU2lrTQ7iY358MK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 532	4900	regsvr32.exe	81
PID 4900 wrote to memory of 532	4900	regsvr32.exe	81
PID 4900 wrote to memory of 532	4900	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00.dll
  2⤵
  PID:532