5ec2bcf8fcaee1b96697c61d5e43fe5abec37f316c2bec34295941cb3ab1a74a

Analysis

max time kernel
91s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 02:18

Target

5ec2bcf8fcaee1b96697c61d5e43fe5abec37f316c2bec34295941cb3ab1a74a.dll
Size

181KB
MD5

c81f9d38c7bcec93eb16a9bae04eec80
SHA1

04fcf78603c800597e917b6580320899ddc01f40
SHA256

5ec2bcf8fcaee1b96697c61d5e43fe5abec37f316c2bec34295941cb3ab1a74a
SHA512

4eea6870b188ac9986254e08d4658f15bc5f2f6e1f34cae1c74b13c5ba17b75249990d7ff72c7b377a3042ca41ccae6be9e111060582da4bea8b7f34e4d8d4fa
SSDEEP

3072:vnwXCOA9wn5suzPvVwue6nA7urPhlaDLFxM3EnE8+gZUTYvR4HGxWsdvUe38bH:vnJOA9rMXOulA8laDXM3EtSUJ4HY9Ml

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1496	3996	regsvr32.exe	80
PID 3996 wrote to memory of 1496	3996	regsvr32.exe	80
PID 3996 wrote to memory of 1496	3996	regsvr32.exe	80

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ec2bcf8fcaee1b96697c61d5e43fe5abec37f316c2bec34295941cb3ab1a74a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5ec2bcf8fcaee1b96697c61d5e43fe5abec37f316c2bec34295941cb3ab1a74a.dll
  2⤵
  PID:1496

memory/1496-133-0x0000000010000000-0x0000000010031000-memory.dmp

Filesize
196KB

Download