fde13c30aa11f589a69f24536ee2b3988da47164e0ddbb30f4c87936b5c89500

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-10-2022 19:08

Target

fde13c30aa11f589a69f24536ee2b3988da47164e0ddbb30f4c87936b5c89500.dll
Size

194KB
MD5

375cb1ea4f1b6b68a17890492bbc5280
SHA1

ce911e9a49be8eb70b946591bc08c925dae048cb
SHA256

fde13c30aa11f589a69f24536ee2b3988da47164e0ddbb30f4c87936b5c89500
SHA512

0c045ea063f0e2b2a1c5f1dcbe20bb33e1c197243da9c303e540f447f881d89364a8c1a8bdf748232a593a4f0d89ab20cf0b6283ae37fe36d6dec223cc566b7d
SSDEEP

3072:W4UpnkTp3olpY5UASoYZEmHqK2tBDa8HawndaZ4ktdvA:xUipkpyU/nByDSwdartd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fde13c30aa11f589a69f24536ee2b3988da47164e0ddbb30f4c87936b5c89500.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fde13c30aa11f589a69f24536ee2b3988da47164e0ddbb30f4c87936b5c89500.dll
  2⤵
  PID:748

memory/536-54-0x000007FEFBC61000-0x000007FEFBC63000-memory.dmp

Filesize
8KB

Download
memory/748-55-0x0000000000000000-mapping.dmp

Download
memory/748-56-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download