add83c156613cd0fa396b9788f145602ab1305bcbeed431da540e8f3653f82a9

Analysis

max time kernel
279s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:07

Target

add83c156613cd0fa396b9788f145602ab1305bcbeed431da540e8f3653f82a9.dll
Size

139KB
MD5

31f4a147b5337bc07cc856f7a0f815b4
SHA1

e72c6cad9286f255951fc4b69db8daa7beaa8299
SHA256

add83c156613cd0fa396b9788f145602ab1305bcbeed431da540e8f3653f82a9
SHA512

f3571173211b17314a71380c0fd88cbc0d40aec63b003d8a40faf3c788d912c5f19c3eee6e1345efb50d613a033e4746db607625919fd810c78606e611b355a3
SSDEEP

3072:/a04dCHu3Bd4j7xbSfOiMS+7yMQYr+NtJ1oLRyGl6AX:i0bIgbA8GFYr+NtfZQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 3056	1900	regsvr32.exe	81
PID 1900 wrote to memory of 3056	1900	regsvr32.exe	81
PID 1900 wrote to memory of 3056	1900	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\add83c156613cd0fa396b9788f145602ab1305bcbeed431da540e8f3653f82a9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\add83c156613cd0fa396b9788f145602ab1305bcbeed431da540e8f3653f82a9.dll
  2⤵
  PID:3056