fb40453fbe3de6f8c609e5628c195bf06603f54d74e4a173a621c48c819869b8

Analysis

max time kernel
92s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/02/2023, 13:34

Target

70f524cf8b7cd880f79a214301b9ef599f639933.dll
Size

68KB
MD5

39f5d5a9be683b54feae3a15983f0739
SHA1

70f524cf8b7cd880f79a214301b9ef599f639933
SHA256

fb40453fbe3de6f8c609e5628c195bf06603f54d74e4a173a621c48c819869b8
SHA512

a8e8d8beaf6c9f74f103c02caeb8db87ccec512e613b7af2c165d72b75548d4b58ff0ed4beb7e8712ab843d093f27bac90190ff0d57e33c1bc1d6d9ca558e831
SSDEEP

1536:BWfiGymh4vfhpDJNrhUy8t29ZQBHxJM6CIIH5+PomTqNol1/9jS:BWfkvfVNrqtD/M6CzHEPDTSol

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2032	3012	regsvr32.exe	78
PID 3012 wrote to memory of 2032	3012	regsvr32.exe	78
PID 3012 wrote to memory of 2032	3012	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\70f524cf8b7cd880f79a214301b9ef599f639933.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\70f524cf8b7cd880f79a214301b9ef599f639933.dll
  2⤵
  PID:2032