81bdc9afd4186ca8d985b86385cd41d5392bb1a5f35945c3e296388d7654a343

Analysis

max time kernel
167s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:08

Target

81bdc9afd4186ca8d985b86385cd41d5392bb1a5f35945c3e296388d7654a343.dll
Size

588KB
MD5

761d4c3f6c7c8ffd8fe14e966ba3d336
SHA1

21f07c98a74a2affd4089f2bba5d464b3a9c003c
SHA256

81bdc9afd4186ca8d985b86385cd41d5392bb1a5f35945c3e296388d7654a343
SHA512

e8c0f0c4f030bc2075d29199c3b52823f0254bb5e195aba815bb4214597e15d8546440bebf700ced8506cc3e69397b4e0efdd9968f366c9c46a1a68dea12dd7c
SSDEEP

1536:iGc/5PpTowbqwI81hDTlBSaDf3dlK+hiKbZXwqBk6u6oNlxuAsyHlm:ihPmanP1hrSaDf3DZXRpu6oNlgyHlm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4332 wrote to memory of 4224	4332	regsvr32.exe	80
PID 4332 wrote to memory of 4224	4332	regsvr32.exe	80
PID 4332 wrote to memory of 4224	4332	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\81bdc9afd4186ca8d985b86385cd41d5392bb1a5f35945c3e296388d7654a343.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4332
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\81bdc9afd4186ca8d985b86385cd41d5392bb1a5f35945c3e296388d7654a343.dll
  2⤵
  PID:4224