c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a

Analysis

max time kernel
151s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 17:53

Target

c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
Size

128KB
MD5

898b862859338e3293bc108530313a8f
SHA1

1766aeb977be850518aaff023624fba50e63a5ac
SHA256

c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a
SHA512

45920e72d88d15b20d92468fde273502f995df33941b32fa83e621c53634219c51e92b53b4006f926ac019caf5fb59e131b6bcfffa49c036769743793604a388
SSDEEP

1536:AUgJ+bbg2rWyvmULwsQqdnITBNQIZnCLzs1A6:AyrWyv7wc8iItCLzs1H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2760 wrote to memory of 4412	2760	regsvr32.exe	regsvr32.exe
PID 2760 wrote to memory of 4412	2760	regsvr32.exe	regsvr32.exe
PID 2760 wrote to memory of 4412	2760	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2760

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\c3025ef250d5eb715c064b34f2c5b175007ff3adb5e3536a22987ff68a257f3a.dll
2⤵
PID:4412