932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 18:43

Target

932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e.dll
Size

795KB
MD5

ac33fea4c2a9bbca3559142838441f84
SHA1

948ef8caef5c1254be551cab8a64c687ea0faf84
SHA256

932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e
SHA512

fb0281077f3c679ce359b58f79c8643c8e3a6f57b8c5cbaa10b26a08ecd862b3f4b411754de1cfae9cfe64fdcb89e9ef71d79ae573d77647b7be81d44b1d390c
SSDEEP

12288:WmEv6GDiRtf+3j4rPoYm6TXeYjPZtHHRnM+1qgD:WmG68YwY1VltHHRDv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27
PID 1752 wrote to memory of 1576	1752	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\932778732711cd18d5c4aabc507a65180bf1d4bd2b7d2d4e5506be4b8193596e.dll
  2⤵
  PID:1576

memory/1576-56-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download
memory/1576-60-0x0000000000210000-0x000000000024F000-memory.dmp

Filesize
252KB

Download
memory/1576-63-0x00000000001D0000-0x0000000000250000-memory.dmp

Filesize
512KB

Download
memory/1576-64-0x00000000001D0000-0x0000000000250000-memory.dmp

Filesize
512KB

Download
memory/1752-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

Filesize
8KB

Download