e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2023 02:30

Target

e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
Size

317KB
MD5

2beec2e8a754afbadef3b37f15488313
SHA1

4d06d76ff9dd91ebb016737429fe940a5060108f
SHA256

e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6
SHA512

8b78b9840883dc00fc5a45d28f9ee390e09625290c94fb3b10f0f497a561daf2b9107c9ffb5723241764e72c012a5b94d0ca1ed7aaa4a5527cdf066ca6046049
SSDEEP

6144:lIEKYkTzlGz9gOUb2GBqoOkR6loMnKXAOkvS0ZezY1oyjHvYnMN3kl+IbAB6:lfK/lGRgOUqmq9kR6lhKX+reyZjPyG2b

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 3444 wrote to memory of 464	3444	regsvr32.exe	regsvr32.exe
PID 3444 wrote to memory of 464	3444	regsvr32.exe	regsvr32.exe
PID 3444 wrote to memory of 464	3444	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3444

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
2⤵
PID:464

memory/464-133-0x0000000011000000-0x0000000011054000-memory.dmp

Filesize
336KB

Download
memory/464-134-0x0000000002580000-0x00000000025E0000-memory.dmp

Filesize
384KB

Download
memory/464-135-0x0000000002520000-0x0000000002521000-memory.dmp

Filesize
4KB

Download