e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4

Analysis

max time kernel
149s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 16:27

Target

e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
Size

588KB
MD5

c194c6c3f6d30a7c2ed60ab7ff82be62
SHA1

98cfc68a23613cebe6eef9d2905a795d120d6388
SHA256

e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4
SHA512

0ad786d90e1ee9689b2e8003c8acbae44e67c5525bf8ba604e38015713cf1d36f82d70e93fa7ddb5c4262276c4b061f1368bb9135707e41142e902348147a704
SSDEEP

768:Xu8eQ64b2/XZNxAVIkSi2TkKPR2fJcw61UTzS4HMwXYRRGPZMoTiR5:HVb2/GGi2npX1UTzSIoXfoTm5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 4488	5004	regsvr32.exe	81
PID 5004 wrote to memory of 4488	5004	regsvr32.exe	81
PID 5004 wrote to memory of 4488	5004	regsvr32.exe	81

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
  2⤵
  PID:4488