efe0ff4507d5a1eab7780bc658e02623f77014d93a7544a7a610e211cb979fdb

Analysis

max time kernel
176s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 11:27

Target

efe0ff4507d5a1eab7780bc658e02623f77014d93a7544a7a610e211cb979fdb.dll
Size

588KB
MD5

fd8a2100f1dc7f4b57d3edd3c14abe10
SHA1

f570904b93e159c8c9d09e42fadd4a651ee3a820
SHA256

efe0ff4507d5a1eab7780bc658e02623f77014d93a7544a7a610e211cb979fdb
SHA512

58bb7532fcf78b29333f0c1a0404048b9fa2ee6cd15e0fa761a1d8b01b20f9eefd43944393d43cbd1ffb954d97d98edec2c59fa40faeb1af27e63c76a6dbbc78
SSDEEP

768:9S8e8jYY2uXZ9hAVawuStKIZ+2fJcwqVETAz4HMBbsjjRGPZMo/pV:ZkY2IGe7IZ+nVETAzFs1fo/3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1692 wrote to memory of 4536	1692	regsvr32.exe	76
PID 1692 wrote to memory of 4536	1692	regsvr32.exe	76
PID 1692 wrote to memory of 4536	1692	regsvr32.exe	76

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\efe0ff4507d5a1eab7780bc658e02623f77014d93a7544a7a610e211cb979fdb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1692
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\efe0ff4507d5a1eab7780bc658e02623f77014d93a7544a7a610e211cb979fdb.dll
  2⤵
  PID:4536