979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799

Analysis

max time kernel
183s
max time network
230s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 16:52

Target

979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799.dll
Size

128KB
MD5

626e8922f4b8169f020c29a42e34a12f
SHA1

4a92b18cf89c948ec4c5935f4b250e410f9fed48
SHA256

979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799
SHA512

018cd1310bf1d8dec72519de6a0c91bf5de7b6b1177e8b6e4cb308c8da16ef35bb14a717bb9af9a17477653fa047e063ef7ba3433e55ac63e51cd52ff89dd43d
SSDEEP

1536:wUgJ+b7g2rWyvmULwsQqdnITBNQIZnCLzsVA6:w+rWyv7wc8iItCLzsVH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4156 wrote to memory of 400	4156	regsvr32.exe	83
PID 4156 wrote to memory of 400	4156	regsvr32.exe	83
PID 4156 wrote to memory of 400	4156	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4156
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799.dll
  2⤵
  PID:400

memory/400-133-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download