7ee0e655eea5de200d69e995c1001556502d637ffdaafbe3aef7dbfca4e36037

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 12:32

Target

CIWmi.dll
Size

32KB
MD5

d16917e77b2ed19ff7484c7f2a34b70b
SHA1

141daea98042a2aff188276fc9c680adbd7593e8
SHA256

7ee0e655eea5de200d69e995c1001556502d637ffdaafbe3aef7dbfca4e36037
SHA512

6b071dc9991684be727d7331c54a5939b5f24ee191fe4ac6e2331901a9946a2511b9d791a45cf35642e05ec16989e6f3ffb3329e84caa584597dee4b30976cc0
SSDEEP

384:r7Pw9Am9GsKmxVTmNcIv2F36ryf+s4PECwM13eiwlIjymGR2gAY0h7yln5kfQLho:rrpmglUVH6r913eiw+Dmmg/v/0/WJ/2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 3112	1540	regsvr32.exe	83
PID 1540 wrote to memory of 3112	1540	regsvr32.exe	83
PID 1540 wrote to memory of 3112	1540	regsvr32.exe	83

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\CIWmi.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\CIWmi.dll
  2⤵
  PID:3112