08197af5489596f344efc492a6759fb9fc0f7c81c95fab55efbbcc45b33e8cfe

Analysis

max time kernel
151s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:41

Target

08197af5489596f344efc492a6759fb9fc0f7c81c95fab55efbbcc45b33e8cfe.dll
Size

120KB
MD5

770e04a8d3ecf8d6d0efbe257297f770
SHA1

a6842abcf29e8021055d151dd9be7f12251479e8
SHA256

08197af5489596f344efc492a6759fb9fc0f7c81c95fab55efbbcc45b33e8cfe
SHA512

3dfbf8f02da0c8b2776631271caffd1724ed47f203bbf151d12d17f7c7cb1031116419a78253556bc7262a01fbdafbbf72ef3460c350b1e53c8a2b643c391ffe
SSDEEP

1536:qNqMQlu4XMKTwjaDKj+VeK6GV6P19UCRg1gOVA6:wmu4jTwj1JKhGgCRga6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 792	4992	regsvr32.exe	81
PID 4992 wrote to memory of 792	4992	regsvr32.exe	81
PID 4992 wrote to memory of 792	4992	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\08197af5489596f344efc492a6759fb9fc0f7c81c95fab55efbbcc45b33e8cfe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\08197af5489596f344efc492a6759fb9fc0f7c81c95fab55efbbcc45b33e8cfe.dll
  2⤵
  PID:792

memory/792-132-0x0000000000000000-mapping.dmp

Download
memory/792-133-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download