f1a78ac944add4e4afc7ebb83fff5d467d8eb7cdae5aedb5867e86884d17a2f6

Analysis

max time kernel
21s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 05:43

Target

f1a78ac944add4e4afc7ebb83fff5d467d8eb7cdae5aedb5867e86884d17a2f6.dll
Size

21KB
MD5

60e71eaef1323476a60af940243a5f20
SHA1

de4f418989fe3a2326004f9eca2abe652a3bca01
SHA256

f1a78ac944add4e4afc7ebb83fff5d467d8eb7cdae5aedb5867e86884d17a2f6
SHA512

e73d8edd0e15f256312fc803290a9dc102c731d6ed3843fc9fc71979777c243153c54a70b97b041c40a91f97837a59004ec43dbeb4264618311d86a60845862c
SSDEEP

384:TEYRQKY3NkhMLO3YCnCtusgIRja9C0sQ6uNvtdh9uYLkbGl9vIJxAjeCG/RGLqZG:TEYRQKaNkhoO3YA8/D6lJtdyNO9S1uLb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28
PID 1932 wrote to memory of 1920	1932	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f1a78ac944add4e4afc7ebb83fff5d467d8eb7cdae5aedb5867e86884d17a2f6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1932
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f1a78ac944add4e4afc7ebb83fff5d467d8eb7cdae5aedb5867e86884d17a2f6.dll
  2⤵
  PID:1920

memory/1920-56-0x0000000076181000-0x0000000076183000-memory.dmp

Filesize
8KB

Download
memory/1920-57-0x0000000000390000-0x0000000000393000-memory.dmp

Filesize
12KB

Download
memory/1932-54-0x000007FEFC621000-0x000007FEFC623000-memory.dmp

Filesize
8KB

Download