ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44

Analysis

max time kernel
114s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 04:05

Target

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44.dll
Size

196KB
MD5

34d575d6fc05c78c65ee332777d19a80
SHA1

d044c36e0ddf8e50b6925bba7445707c7efe9f65
SHA256

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44
SHA512

0abfb8a1531ed7055e9750d9682b519814de192866990c3ef907180c7c26ad53ea692b627052efe88be5514fe91748364044e9913a9a2955e64bd71238cd4bfd
SSDEEP

3072:QyE5rzmralbxX9bhWYa+7bN7S453slTBfCA75z2hVMwai8K6sG:BavRkYa2bN7S4SlTBqA75zqywUK9G

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 3172	1400	regsvr32.exe	80
PID 1400 wrote to memory of 3172	1400	regsvr32.exe	80
PID 1400 wrote to memory of 3172	1400	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44.dll
  2⤵
  PID:3172