79488cc937552661962ffd0c23f3e909a41135d37f83cecbee69114846c2614f

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 10:20

Target

79488cc937552661962ffd0c23f3e909a41135d37f83cecbee69114846c2614f.dll
Size

615KB
MD5

6499e26eb77cc13ffc39fd97e4707add
SHA1

0a3f91a4772d228107472f72fa6d409ef93f8707
SHA256

79488cc937552661962ffd0c23f3e909a41135d37f83cecbee69114846c2614f
SHA512

170c1d8ec44459e95380340caef27f86b8c5717c6a7e8d61b444697e5fe8d24d6d25cf172fb469dc96ef91f423d31d4be8611d030a5b7f75234055904431d8a5
SSDEEP

6144:JLDqMtbjZ8/WKJlAp3Yo6ILRoh4UQ8d4Jdut/JiYgbFfSqimXIGh59g8JDSQcZnf:JD9SOKJlARYo7Kh3yJASWqiOpJgO9s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 1952	2672	regsvr32.exe	83
PID 2672 wrote to memory of 1952	2672	regsvr32.exe	83
PID 2672 wrote to memory of 1952	2672	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\79488cc937552661962ffd0c23f3e909a41135d37f83cecbee69114846c2614f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\79488cc937552661962ffd0c23f3e909a41135d37f83cecbee69114846c2614f.dll
  2⤵
  PID:1952