bb5bfe49c63d88f28e88f3d36dcd93b5288f5a5fd0c2210a63c80b87f621854e

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 23:42

Target

bb5bfe49c63d88f28e88f3d36dcd93b5288f5a5fd0c2210a63c80b87f621854e.dll
Size

170KB
MD5

7831e3240cacfd7d2d22cb9176151c13
SHA1

40c0e68074243252cd7977961202e57f37f9c325
SHA256

bb5bfe49c63d88f28e88f3d36dcd93b5288f5a5fd0c2210a63c80b87f621854e
SHA512

59ff03f742d2d6e8aa618f0215f1d41d0cd1db9805c7b46ac2cd6e3e5347bbe918423697d80bd93efb13d4d1b9a030b8180a99b025433ffe99b268ca12cde9dc
SSDEEP

3072:eUXlFI6KJyss2qQwPyEKM3yCFWPusDBdR8ZdCzH/SxwsK1kN22B3szwk1:eMXI6MyNqSx3yC8PVDBdRaCzH/Sxwn1D

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27
PID 1832 wrote to memory of 1240	1832	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bb5bfe49c63d88f28e88f3d36dcd93b5288f5a5fd0c2210a63c80b87f621854e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1832
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bb5bfe49c63d88f28e88f3d36dcd93b5288f5a5fd0c2210a63c80b87f621854e.dll
  2⤵
  PID:1240

memory/1240-56-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download
memory/1832-54-0x000007FEFB6A1000-0x000007FEFB6A3000-memory.dmp

Filesize
8KB

Download