Analysis
max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags
arch:x64 arch:x86 image:win10v2004-20230221-en locale:en-us os:windows10-2004-x64 system
submitted
30-05-2023 02:30
Behavioral task
behavioral1
Sample
e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
Resource
win10v2004-20230221-en
General
Target
e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
Size
317KB
MD5
2beec2e8a754afbadef3b37f15488313
SHA1
4d06d76ff9dd91ebb016737429fe940a5060108f
SHA256
e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6
SHA512
8b78b9840883dc00fc5a45d28f9ee390e09625290c94fb3b10f0f497a561daf2b9107c9ffb5723241764e72c012a5b94d0ca1ed7aaa4a5527cdf066ca6046049
SSDEEP
6144:lIEKYkTzlGz9gOUb2GBqoOkR6loMnKXAOkvS0ZezY1oyjHvYnMN3kl+IbAB6:lfK/lGRgOUqmq9kR6lhKX+reyZjPyG2b
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
Processes: regsvr32.exe
description | pid | process | target process
PID 3444 wrote to memory of 464 | 3444 | regsvr32.exe | regsvr32.exe
PID 3444 wrote to memory of 464 | 3444 | regsvr32.exe | regsvr32.exe
PID 3444 wrote to memory of 464 | 3444 | regsvr32.exe | regsvr32.exe
Processes
C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
PID:3444
- Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e926556f4aa8a8db2a1a621d9360d1164fc941b148a9705d2b1838ce6922b2b6.dll
  PID:464