5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/10/2022, 02:02

Target

5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672.dll
Size

28KB
MD5

611240efbbe98f80ed7ec254fc244760
SHA1

2df1914d81399ec1cfd7716cd12c308df30ba3f6
SHA256

5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672
SHA512

92c967d082593a78480d0921746de20a8149758b2e41c5e6d24bd572736f9ddecfc3789dd0403795dcf502ff8fa665e61a514ccd83f776e69da05e52fa4d5ae4
SSDEEP

384:OH2aBIxR8cDQGdhBcOdUOCkIFlIkiKKMGYZKeYa1ocORj8ozllU3AUGiWa:WaxRuG3BcOWxkIUPoZ9Ya1Xq8ozz39

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28
PID 1652 wrote to memory of 2012	1652	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5787434b5d5dc3856b5aa4aae233450d8fd5ac74e13d35d2760e5397a5fd1672.dll
  2⤵
  PID:2012

memory/1652-54-0x000007FEFBE11000-0x000007FEFBE13000-memory.dmp

Filesize
8KB

Download
memory/2012-56-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/2012-57-0x0000000000130000-0x0000000000135000-memory.dmp

Filesize
20KB

Download