fbc549b1ba6e6546c03289cf536b7c379dc5299c3eb42d458fac65c3f274435d

Analysis

max time kernel
141s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 10:49

Target

fbc549b1ba6e6546c03289cf536b7c379dc5299c3eb42d458fac65c3f274435d.dll
Size

588KB
MD5

813e8125d1c20733b6e4f8b6538c0b2e
SHA1

11457daf81469de184eb817eac30b97a2cbe6cd9
SHA256

fbc549b1ba6e6546c03289cf536b7c379dc5299c3eb42d458fac65c3f274435d
SHA512

6e51571d266135ae1be4e269af8bddeeb59c892b4ea37146284a750605d72df8a08929beff94cae1d06799355412d78e9ad4955b9aa69a4694f8c878b3794b5e
SSDEEP

768:JAIJUI1cq0WB70T2d2hXZq/oCT6Uv2h3PNnVftA2oT4qVx4nX9iAVRGPZMoPzR0/:6CUgeOYTC2tO2UOJN82oT4qoN5TfoS/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3552	1428	regsvr32.exe	80
PID 1428 wrote to memory of 3552	1428	regsvr32.exe	80
PID 1428 wrote to memory of 3552	1428	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fbc549b1ba6e6546c03289cf536b7c379dc5299c3eb42d458fac65c3f274435d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fbc549b1ba6e6546c03289cf536b7c379dc5299c3eb42d458fac65c3f274435d.dll
  2⤵
  PID:3552