74a19f40d77ee045accc1c0359ed26c1c716f51c3ea8465168b3b5a1df8888f7

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2023, 10:18

Target

74a19f40d77ee045accc1c0359ed26c1c716f51c3ea8465168b3b5a1df8888f7.dll
Size

68KB
MD5

c55948bcdb71985365cb4fdc02538a76
SHA1

77a67f29058b6382fbe36b2aca1ac02a1a613b80
SHA256

74a19f40d77ee045accc1c0359ed26c1c716f51c3ea8465168b3b5a1df8888f7
SHA512

54df32f2b5c6bc521808b397a79c79306e5e868f3daaeebeb937ee703a4c4353519b9ae7e5948340436d87bd2823948256820b2b1dfe4d6b55274a6b53a5c195
SSDEEP

768:VpbhZeFM9bUouiwiL2GyBewiLW+73rIWipy2H:Vpb3eFM9bURAS/iLhcphH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 3680	1368	regsvr32.exe	80
PID 1368 wrote to memory of 3680	1368	regsvr32.exe	80
PID 1368 wrote to memory of 3680	1368	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\74a19f40d77ee045accc1c0359ed26c1c716f51c3ea8465168b3b5a1df8888f7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\74a19f40d77ee045accc1c0359ed26c1c716f51c3ea8465168b3b5a1df8888f7.dll
  2⤵
  PID:3680