2b5a4d1227111244a1f57c1fe828dff570ad64f2deaa518135d1eb6b57c38c41

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 00:13

Target

2b5a4d1227111244a1f57c1fe828dff570ad64f2deaa518135d1eb6b57c38c41.dll
Size

176KB
MD5

69796bfca1af11eeca64f585cb3650a0
SHA1

2868378b339e193e99d2b7c8c805852fc1a33a51
SHA256

2b5a4d1227111244a1f57c1fe828dff570ad64f2deaa518135d1eb6b57c38c41
SHA512

2bb5ebcf13aeb5a462f6489b1d1db8b083a7d447e096a584e71ccaeccb45fae697b919b7bb285a0ad652d9959d75842ebc01b61df80f51a97c877efb57c01cb9
SSDEEP

3072:01BNnTnja4KwT7sRABeHKwp8Xx9g+pWLFWuSWwmWbgWaLWYRWuHWarW53Wp3WZgO:S7Tja670gygxu5LFIR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 960	916	regsvr32.exe	27
PID 916 wrote to memory of 960	916	regsvr32.exe	27
PID 916 wrote to memory of 960	916	regsvr32.exe	27
PID 916 wrote to memory of 960	916	regsvr32.exe	27
PID 916 wrote to memory of 960	916	regsvr32.exe	27
PID 916 wrote to memory of 960	916	regsvr32.exe	27
PID 916 wrote to memory of 960	916	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2b5a4d1227111244a1f57c1fe828dff570ad64f2deaa518135d1eb6b57c38c41.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2b5a4d1227111244a1f57c1fe828dff570ad64f2deaa518135d1eb6b57c38c41.dll
  2⤵
  PID:960

memory/916-54-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download