Analysis
-
max time kernel
151s -
max time network
150s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
13-11-2021 17:36
Static task
static1
Behavioral task
behavioral1
Sample
e180a872a0dc889066d57d0f53898aa731762d2a85573ae6f99007b0564788d2.dll
Resource
win7-en-20211104
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
e180a872a0dc889066d57d0f53898aa731762d2a85573ae6f99007b0564788d2.dll
Resource
win10-en-20211014
windows10_x64
0 signatures
0 seconds
General
-
Target
e180a872a0dc889066d57d0f53898aa731762d2a85573ae6f99007b0564788d2.dll
-
Size
52KB
-
MD5
0cd17ed77e0caeaa3ec3a96de3959eb9
-
SHA1
7b03599c4353b2abd1928c9e527a2d6b36b8c39c
-
SHA256
e180a872a0dc889066d57d0f53898aa731762d2a85573ae6f99007b0564788d2
-
SHA512
c5dec538c95962bbb5b8259be99d09015ab95ea93ef948ad586264978257a2082a5e92fa7e37756d9164caef2f3549d2edd95cf22438e279fad3796f67f67dcb
Score
1/10
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2716 wrote to memory of 2764 2716 regsvr32.exe 69 PID 2716 wrote to memory of 2764 2716 regsvr32.exe 69 PID 2716 wrote to memory of 2764 2716 regsvr32.exe 69
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\e180a872a0dc889066d57d0f53898aa731762d2a85573ae6f99007b0564788d2.dll1⤵
- Suspicious use of WriteProcessMemory
PID:2716 -
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\e180a872a0dc889066d57d0f53898aa731762d2a85573ae6f99007b0564788d2.dll2⤵PID:2764
-