ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3

Analysis

max time kernel
180s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 20:47

Target

ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3.dll
Size

45KB
MD5

a70088f0dd934c758e5863c222537067
SHA1

5d89aaca2773cebcdf094ed3cdb649f00205f5e4
SHA256

ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3
SHA512

24e8460501e5f44dd4386f2450f65a0ade38a87b779c22e7f195836cfb208869a22b9301b95025edc8939a6c8ec2bb7bdd226690c1a1e301786fdb97d697cade
SSDEEP

768:nz6KN0TQVsuE0NnMX+F4LdG6NK9iiKI7hxPc2ab:nzFEQc0NnM3NKjKBXb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4688	4908	regsvr32.exe	80
PID 4908 wrote to memory of 4688	4908	regsvr32.exe	80
PID 4908 wrote to memory of 4688	4908	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3.dll
  2⤵
  PID:4688