a15f4f4acd24d7a7833c82fd6415c38f1c691528a79d342122e0cdae5a417ebc

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 13:56

Target

a15f4f4acd24d7a7833c82fd6415c38f1c691528a79d342122e0cdae5a417ebc.dll
Size

31KB
MD5

66e5d8b22e258b582b768e28590393f0
SHA1

baa5ddf18749fc5c4d5e2fb53cd1fa1bac23ec27
SHA256

a15f4f4acd24d7a7833c82fd6415c38f1c691528a79d342122e0cdae5a417ebc
SHA512

ab1dd96014c92112cc4582c0aeb53a11195153d95419a8f2cef7ff7672144e8d9cc4bd0a36179efc9879e7f3be644209f85a88ce3dd352473c79b2b1ea379594
SSDEEP

384:WCNe0cVyphGfR2FnayzOjI+LM3JuUwHdKMSXRR5kzLa8WIHibwHL30SNk:hehypwzG5CH5SXr5wtWwi0r30V

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 584 wrote to memory of 1788	584	regsvr32.exe	28
PID 584 wrote to memory of 1788	584	regsvr32.exe	28
PID 584 wrote to memory of 1788	584	regsvr32.exe	28
PID 584 wrote to memory of 1788	584	regsvr32.exe	28
PID 584 wrote to memory of 1788	584	regsvr32.exe	28
PID 584 wrote to memory of 1788	584	regsvr32.exe	28
PID 584 wrote to memory of 1788	584	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a15f4f4acd24d7a7833c82fd6415c38f1c691528a79d342122e0cdae5a417ebc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:584
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a15f4f4acd24d7a7833c82fd6415c38f1c691528a79d342122e0cdae5a417ebc.dll
  2⤵
  PID:1788

memory/584-54-0x000007FEFBC61000-0x000007FEFBC63000-memory.dmp

Filesize
8KB

Download
memory/1788-56-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download
memory/1788-57-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download