bfd4606d32c1bce2b495ac0783a68cf97b6205fbb41654559aee832f392d8fe5

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 07:44

Target

bfd4606d32c1bce2b495ac0783a68cf97b6205fbb41654559aee832f392d8fe5.dll
Size

238KB
MD5

6a9001ad5a49bd86abd67b46e6b4f3ad
SHA1

8ff9e4fa8f5d4e53d1caff977cc5eed7325beca9
SHA256

bfd4606d32c1bce2b495ac0783a68cf97b6205fbb41654559aee832f392d8fe5
SHA512

2e8311fd0626dc1c5f5cab0ce9f8342f2e68909b3c78a090f221b5fac1610ca4b34b700d0a46b0d81b2579f591a7dda8a3d8e1b173ab7618d0832945fbd55c02
SSDEEP

6144:MN2EkHSib6SWheBLdeHU4iSL14MSL14MSLV:NHSie6Bo04iSL14MSL14MSLV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3684 wrote to memory of 4248	3684	regsvr32.exe	80
PID 3684 wrote to memory of 4248	3684	regsvr32.exe	80
PID 3684 wrote to memory of 4248	3684	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bfd4606d32c1bce2b495ac0783a68cf97b6205fbb41654559aee832f392d8fe5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3684
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bfd4606d32c1bce2b495ac0783a68cf97b6205fbb41654559aee832f392d8fe5.dll
  2⤵
  PID:4248