9ecc3e8a5783ed17918311e1361a1eb6e1bbaed803f312d947262a09ac20853f

Analysis

max time kernel
75s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 20:29

Target

9ecc3e8a5783ed17918311e1361a1eb6e1bbaed803f312d947262a09ac20853f.dll
Size

139KB
MD5

214744f92dc3226fca9e37f0b08ed2ca
SHA1

17d7c6e786cd84425d408bffcf643da799abf28d
SHA256

9ecc3e8a5783ed17918311e1361a1eb6e1bbaed803f312d947262a09ac20853f
SHA512

3d16e441bcf2260273490418f32b6cc25888545030c0099ecd330a85b1d7f3af6ee95a53cb9d465948c07e599d71b9de450c0adac4a4930fe7f24d0108be043d
SSDEEP

3072:+Yzz09rq3MWRa4kjwUT9TEJD7IsfOPSYzU0B34VZp2b1d:Bz2r+RalwM9wFI+69U0B34VZk/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 4396	3704	regsvr32.exe	83
PID 3704 wrote to memory of 4396	3704	regsvr32.exe	83
PID 3704 wrote to memory of 4396	3704	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9ecc3e8a5783ed17918311e1361a1eb6e1bbaed803f312d947262a09ac20853f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9ecc3e8a5783ed17918311e1361a1eb6e1bbaed803f312d947262a09ac20853f.dll
  2⤵
  PID:4396