ec0acc9cdbca3333ff2166d682020cd4d1ced63ffa5b361ec7ef00503d19f805

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 10:13

Target

ec0acc9cdbca3333ff2166d682020cd4d1ced63ffa5b361ec7ef00503d19f805.dll
Size

652KB
MD5

225cd0b411031ae81af154cf90844a50
SHA1

b4c9da379c01ec32f5cd0d20c03ab7e8fbce7064
SHA256

ec0acc9cdbca3333ff2166d682020cd4d1ced63ffa5b361ec7ef00503d19f805
SHA512

acb03c2908ab31a04d65a91d241be7823aff610d8833dd6b213d5ff78eb589bd02fb8f867207cdcbcc6681572746d065493809f6139dc06327c9f9a3904b2397
SSDEEP

12288:EQLMFyuwEiuBY8ER5uBj4uX7BlfDd0QC/3oRIUJuNEKqq1wBiJhZ7MQeUYRvXH34:EQowLuBY8OCP7BlfD+f/3oRIUJuNEKqM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 384 wrote to memory of 3592	384	regsvr32.exe	80
PID 384 wrote to memory of 3592	384	regsvr32.exe	80
PID 384 wrote to memory of 3592	384	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ec0acc9cdbca3333ff2166d682020cd4d1ced63ffa5b361ec7ef00503d19f805.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:384
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ec0acc9cdbca3333ff2166d682020cd4d1ced63ffa5b361ec7ef00503d19f805.dll
  2⤵
  PID:3592