c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 05:08

Target

c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e.dll
Size

452KB
MD5

404175167abc9d25b86e586439e8a8b0
SHA1

680d49d6bf1c078164b7d92fdaee7d6cb0f0b9fa
SHA256

c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e
SHA512

9c1265d84da7582fb014c41bf5604cf9d52663aa08c12e8e0e40bd86aad9bba81290915626d4cf64e43cdab102593279e8b0cbf1fe2dca3fd1f2f7ab89a8c563
SSDEEP

12288:kGwTNWbR1J9CGrYBZRaJsbC5YbWpoUGV/kVpj/JBQTrGX6B2c1z:k3C1nmHWG2oUGmVpDsTrGXSz

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\regsvr32.exe	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27
PID 1200 wrote to memory of 1100	1200	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c6e99916ac328848ec32d3f6ca5679b0e26c1c64c2c241dff1b5cd44a6db376e.dll
  2⤵
  - Drops file in System32 directory
  PID:1100

memory/1100-56-0x0000000075AC1000-0x0000000075AC3000-memory.dmp

Filesize
8KB

Download
memory/1200-54-0x000007FEFC001000-0x000007FEFC003000-memory.dmp

Filesize
8KB

Download