2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db

Analysis

max time kernel
142s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 07:11

Target

2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db.dll
Size

2.4MB
MD5

5bf229417b5d9a3f2be826b111c927ac
SHA1

efe107a755d13ebe2226b9855f6930ece7f61272
SHA256

2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db
SHA512

3bbe9de80b390b380f35161b1dce3b12e7a33fc00f437ec2a55f5f0ea31eb18272e4d835b6758c3c5fa8390fafacb6b80e3944c14fdee0d65817e11924ac1058
SSDEEP

768:YtKXjIMtcRrtmgtQmpkrEEW39rpHz/hfFxDp:YtwjxtcxPr5EWFpHz/PH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 836	2688	regsvr32.exe	80
PID 2688 wrote to memory of 836	2688	regsvr32.exe	80
PID 2688 wrote to memory of 836	2688	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db.dll
  2⤵
  PID:836