42eb47a5e4fe7499c98dd89685ec652dc67eb3b4fe5a351811c0540059db12af

Analysis

max time kernel
130s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/02/2023, 12:20

Target

42eb47a5e4fe7499c98dd89685ec652dc67eb3b4fe5a351811c0540059db12af.dll
Size

1.3MB
MD5

545b8ad727b5e964c85f1e58ff933ca5
SHA1

5afea3690371a947cf35691c8fc2a12703a8658e
SHA256

42eb47a5e4fe7499c98dd89685ec652dc67eb3b4fe5a351811c0540059db12af
SHA512

49b08849f20295f4936f61dc0c41e883a0257bed0a7e3a304feeaf4094573ac7d34f95980456e9bd26966fb91767dc77762e7be39e3a00367ca3756c3568cad0
SSDEEP

24576:Um6lLjLR8nCF9qMURYkx+oPnhdrhxhONbUggCNyaHdd4nMUF0e8MO2v0:V69jN3FEGmnhdj8YwOrN8MO2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 4008	1972	regsvr32.exe	76
PID 1972 wrote to memory of 4008	1972	regsvr32.exe	76
PID 1972 wrote to memory of 4008	1972	regsvr32.exe	76

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\42eb47a5e4fe7499c98dd89685ec652dc67eb3b4fe5a351811c0540059db12af.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\42eb47a5e4fe7499c98dd89685ec652dc67eb3b4fe5a351811c0540059db12af.dll
  2⤵
  PID:4008

memory/4008-133-0x0000000002630000-0x0000000002771000-memory.dmp

Filesize
1.3MB

Download