23323b5ce6d92a09d65816bc7e8d23f444ab9f6749dfc23cc7fed1934a640de9

Analysis

max time kernel
20s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/10/2022, 15:02

Target

23323b5ce6d92a09d65816bc7e8d23f444ab9f6749dfc23cc7fed1934a640de9.dll
Size

588KB
MD5

5a9a532273f63766dc918286d694028f
SHA1

89cba2b8acf02a4943d131a39e413c18b0a94b0b
SHA256

23323b5ce6d92a09d65816bc7e8d23f444ab9f6749dfc23cc7fed1934a640de9
SHA512

1b049b21a68480550e7c4b1239977ee3f40ec185757820e1391a65d0464e9fbad839b1b28d945e8cc40623c5f486d54e81cca74cccea6b11676e40d394056372
SSDEEP

768:cxbiRs43zQYY2uXZ9hAVaAAStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoJ/cV:/sGY2IGI7IZ+nVETAzFs1foJA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27
PID 1776 wrote to memory of 1796	1776	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\23323b5ce6d92a09d65816bc7e8d23f444ab9f6749dfc23cc7fed1934a640de9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1776
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\23323b5ce6d92a09d65816bc7e8d23f444ab9f6749dfc23cc7fed1934a640de9.dll
  2⤵
  PID:1796

memory/1776-54-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/1796-56-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download