f9c1c66b78402910e3fb2c448245d5be45a0ee5019e33564c5c55b2ec948ac8b

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2022 06:48

Target

f9c1c66b78402910e3fb2c448245d5be45a0ee5019e33564c5c55b2ec948ac8b.dll
Size

2.4MB
MD5

d28b9e02b9cef4d57ba7fb5ea5495e7f
SHA1

54aecb98b7ca76c217c605fa95f8bf59781857a0
SHA256

f9c1c66b78402910e3fb2c448245d5be45a0ee5019e33564c5c55b2ec948ac8b
SHA512

426d35682cc15419ba2d37167455522071a3d8b8efe2de60dea6ac56e67c071ef83e1702d369480b7dd028c6af2794f0cca841480a15456918796ec730680267
SSDEEP

49152:qWlitqo5Z23BYMFILjZnyKR5R0P+aW/JH1Q/G6omDmPnT8i3:qTqAnhRM+aiMHoSkA2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 760 wrote to memory of 3044	760	regsvr32.exe	regsvr32.exe
PID 760 wrote to memory of 3044	760	regsvr32.exe	regsvr32.exe
PID 760 wrote to memory of 3044	760	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f9c1c66b78402910e3fb2c448245d5be45a0ee5019e33564c5c55b2ec948ac8b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:760

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\f9c1c66b78402910e3fb2c448245d5be45a0ee5019e33564c5c55b2ec948ac8b.dll
2⤵
PID:3044

memory/3044-133-0x0000000000000000-mapping.dmp

Download
memory/3044-134-0x0000000002CC0000-0x0000000002E58000-memory.dmp

Filesize
1.6MB

Download
memory/3044-135-0x0000000002CC0000-0x0000000002E58000-memory.dmp

Filesize
1.6MB

Download