e81ec865703955544d2367b264e3dcea2f62b946d7522e93d9fc503d134915c0

Analysis

max time kernel
130s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 00:34

Target

e81ec865703955544d2367b264e3dcea2f62b946d7522e93d9fc503d134915c0.dll
Size

5.0MB
MD5

675786fc194caf239dd8f19693b65fd4
SHA1

f41b17806308d77c366260c21fbf7bcdf729afe5
SHA256

e81ec865703955544d2367b264e3dcea2f62b946d7522e93d9fc503d134915c0
SHA512

e6de6a8e6d5bf48577fa6b5a2e6bb86039c3772d19e11fc1dd076cfd8e749860bb3d2afc4d65f0050819b6af6cea43a86d80b1ade2162734fdef2d7e0d00c7ce
SSDEEP

98304:2k9E8LyFTeM68B+5JgLeV9NmPvxwR4ZfHMnmKxlt:2kcTm8nYCJwSpsnmKxv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 4924	452	regsvr32.exe	88
PID 452 wrote to memory of 4924	452	regsvr32.exe	88
PID 452 wrote to memory of 4924	452	regsvr32.exe	88

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e81ec865703955544d2367b264e3dcea2f62b946d7522e93d9fc503d134915c0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e81ec865703955544d2367b264e3dcea2f62b946d7522e93d9fc503d134915c0.dll
  2⤵
  PID:4924