eea28a5dc718043314109bd2dcc083c2d4d46d82e92b4f7e657f1131c8497641

Analysis

max time kernel
189s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:15

Target

eea28a5dc718043314109bd2dcc083c2d4d46d82e92b4f7e657f1131c8497641.dll
Size

788KB
MD5

60903297667d71f88fb1cc337c5ffc8f
SHA1

8dd6d9e618a6cec19d06394c633a733a52e436d7
SHA256

eea28a5dc718043314109bd2dcc083c2d4d46d82e92b4f7e657f1131c8497641
SHA512

a1a3e324c30a4d9d38cf2c7cd11d86587902b4905f11c06b7631899317414028b31a41db67b43294c8d85d62ffe5066a2799d4b1a356589c334cef7d4a0c84b4
SSDEEP

12288:aKJGD91Y+oskxcegrSeRfglwxr+OhlKDlrgH8QkkQi:aGGjYX7crFgLOhMJrefk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 1808	2348	regsvr32.exe	83
PID 2348 wrote to memory of 1808	2348	regsvr32.exe	83
PID 2348 wrote to memory of 1808	2348	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eea28a5dc718043314109bd2dcc083c2d4d46d82e92b4f7e657f1131c8497641.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\eea28a5dc718043314109bd2dcc083c2d4d46d82e92b4f7e657f1131c8497641.dll
  2⤵
  PID:1808