ef620719552a3169fe4f5e2fd038021a9c162d7ca408061aa700b193c4b499e6

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 17:33

Target

ef620719552a3169fe4f5e2fd038021a9c162d7ca408061aa700b193c4b499e6.dll
Size

630KB
MD5

9015e8cd2f1b2705446ddae2d1889c1a
SHA1

eb778772bdc628858f96a3754053577fed9961a1
SHA256

ef620719552a3169fe4f5e2fd038021a9c162d7ca408061aa700b193c4b499e6
SHA512

dd796cb44ff4d9d3201a38addafab178befb8be778aa8720ab8923604699062c4ff183fc326f06a388e431c987ba144332f6ab8361b140810f0b81b22f26fe21
SSDEEP

12288:MD48aMMsKS9BAXjhkTMyWt4w/ui5WCLjNBNy:MUSMsL72qMS1EWajU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 4568	4988	regsvr32.exe	80
PID 4988 wrote to memory of 4568	4988	regsvr32.exe	80
PID 4988 wrote to memory of 4568	4988	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ef620719552a3169fe4f5e2fd038021a9c162d7ca408061aa700b193c4b499e6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4988
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ef620719552a3169fe4f5e2fd038021a9c162d7ca408061aa700b193c4b499e6.dll
  2⤵
  PID:4568