2eff1fe7854b24b2517b26beb341ea4f115e66894ce4a45172adc566b92b02ed

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2023 01:39

Target

ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517.dll
Size

566KB
MD5

8e084634f942776f71c350a5545fe39f
SHA1

f245590544ddbfdd97691383fef1b1056d89f28a
SHA256

ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517
SHA512

80e7350c1749923017bbcf08545ccea3ef78926557047a034aa99916851226c1c959bba74920cf3640abe124c0052cf0736662b5eabdbbeb91236602a20f13f0
SSDEEP

12288:wHGWVuU+mptaW3e6QM43Y07PONMxR2soyGTyA8eJb:wmWVuU3X/e6QMYYUPONMxoeGTnZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 4776	2980	regsvr32.exe	85
PID 2980 wrote to memory of 4776	2980	regsvr32.exe	85
PID 2980 wrote to memory of 4776	2980	regsvr32.exe	85

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517.dll
  2⤵
  PID:4776