a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13

Analysis

max time kernel
42s
max time network
76s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-10-2022 19:07

Target

a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13.dll
Size

766KB
MD5

520ee511034717f5499fb66f9c0b76a5
SHA1

3a33de9a84bbc76161895178e3d13bcd28f7d8fe
SHA256

a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13
SHA512

71aa0b3c175ac0ac90e837e649cdc7013262cf62265ba02f3ecdcbd7bbc8a20574fecfa21189572039ad4cafc3b41c5a12ad26ad9bafd4d1f70bfd931a7737be
SSDEEP

12288:bMzdMxHXTL+RGjMY9Hrc6yOHXOpcAFVWfKxob/ytkYag:bMZaBL/dXOp3FcfKxo7Ca

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27
PID 1956 wrote to memory of 1076	1956	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a5989c480ec6506247325652a1f3cb415934675de3877270ae0f65edd9b14d13.dll
  2⤵
  PID:1076

memory/1076-56-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/1076-57-0x0000000000800000-0x000000000083F000-memory.dmp

Filesize
252KB

Download
memory/1076-63-0x0000000000800000-0x000000000083F000-memory.dmp

Filesize
252KB

Download
memory/1956-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

Filesize
8KB

Download