c9ebf3db70d130c1e9bde3fa859a314888d31ea7536559578c32d6c0acc16be1

Analysis

max time kernel
160s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 09:18

Target

c9ebf3db70d130c1e9bde3fa859a314888d31ea7536559578c32d6c0acc16be1.dll
Size

128KB
MD5

0f9cf4913116bf66c7bbfc22a3d264d0
SHA1

2872a3fcd70b496d20e4faef3b2370d19bcef39c
SHA256

c9ebf3db70d130c1e9bde3fa859a314888d31ea7536559578c32d6c0acc16be1
SHA512

4b726f4a351879e21bb6033d3e00f0584baa949b95de89a6c0a64d778019f843e4eb5b1684ace79d37f488f5ba7e547f84e642af0e8d73def9af7fc5df2e7ee3
SSDEEP

1536:JDfR/jo2LeV/dFPzmqiTyaDLhYETtyGqgo+XosYFmu1k6:JhjDeV/rPz7oqHGDo+XosYUu1k6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 648 wrote to memory of 2548	648	regsvr32.exe	81
PID 648 wrote to memory of 2548	648	regsvr32.exe	81
PID 648 wrote to memory of 2548	648	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c9ebf3db70d130c1e9bde3fa859a314888d31ea7536559578c32d6c0acc16be1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:648
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c9ebf3db70d130c1e9bde3fa859a314888d31ea7536559578c32d6c0acc16be1.dll
  2⤵
  PID:2548