01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 21:29

Target

01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d.dll
Size

495KB
MD5

7baa3bc20725e230c61fda6c3e070fc3
SHA1

278b4c58922f580c883deb2df493f1bc1c72282a
SHA256

01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d
SHA512

5da81269a73c09c65e8d06191615db3212d1897e46de5f63e4657c16c56b62f67ab81a0e1b7e8bc1222aab913635b5356b2c691f079f0f5f174414e1ab7cde7c
SSDEEP

6144:o7NC29GCivWCFClBi1Uo3zg5DOxI9NNiMkOSyQ7CeRa91sZeVgb5IYa:opCMGC/CFNWizg5DYINNiLrVO1C+Ya

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\01f39b27d954d49c89e0de3854b09a922de5d6f3c43000c5e42dc2dbe44ec38d.dll
  2⤵
  PID:1676

memory/1676-56-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download
memory/1676-57-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download
memory/1676-58-0x00000000001E0000-0x00000000001EF000-memory.dmp

Filesize
60KB

Download
memory/1884-54-0x000007FEFBD01000-0x000007FEFBD03000-memory.dmp

Filesize
8KB

Download