cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 04:31

Target

cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e.dll
Size

120KB
MD5

6d0de057d4ffbe3573ad918a34423a23
SHA1

f5e4c1600d4a5865c165e0eb7640db64700b9de9
SHA256

cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e
SHA512

555734c839cd8ed97b20c257f83320295178316981fe35d77c1f36337db11f9f0483c87e1afd2206d394912756c3a4b25fc49b64b45d70c3dcb3c7edf3c543a1
SSDEEP

1536:vpq2QQzTa6+J9uafOmXOVv36v3qLqMtPt:nnzTkQKhXGf6v3qmMdt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28
PID 1652 wrote to memory of 1896	1652	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cd758b765a270ec80035d3d90f412abcd946430c6a8faa43a2490b8e38bb659e.dll
  2⤵
  PID:1896

memory/1652-54-0x000007FEFBB81000-0x000007FEFBB83000-memory.dmp

Filesize
8KB

Download
memory/1896-56-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/1896-57-0x0000000000170000-0x000000000018E000-memory.dmp

Filesize
120KB

Download