f08ebf939ffca77696b2644523f265f1b0fe9b2e37dd5d612e92e835df2304d9

Analysis

max time kernel
23s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11-10-2022 04:35

Target

f08ebf939ffca77696b2644523f265f1b0fe9b2e37dd5d612e92e835df2304d9.dll
Size

124KB
MD5

4aa27cce9db80984b4bd2354ef4c3830
SHA1

a5649673e5015bcdb75b0b03793a52675d2a5d68
SHA256

f08ebf939ffca77696b2644523f265f1b0fe9b2e37dd5d612e92e835df2304d9
SHA512

866827eab42db6a6cde9c1722d8ca21afcdb645dca33ef17334263402aebfa167c6134fe58e57e199cab819caa38c5e4c633b5ba8a693e535acbc66ad1a7b509
SSDEEP

1536:PwKqbQXb0o9tPqG+FwMReMgAony0fwf12:eOQ0ycogAo/fwf12

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 2004	884	regsvr32.exe	27
PID 884 wrote to memory of 2004	884	regsvr32.exe	27
PID 884 wrote to memory of 2004	884	regsvr32.exe	27
PID 884 wrote to memory of 2004	884	regsvr32.exe	27
PID 884 wrote to memory of 2004	884	regsvr32.exe	27
PID 884 wrote to memory of 2004	884	regsvr32.exe	27
PID 884 wrote to memory of 2004	884	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f08ebf939ffca77696b2644523f265f1b0fe9b2e37dd5d612e92e835df2304d9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f08ebf939ffca77696b2644523f265f1b0fe9b2e37dd5d612e92e835df2304d9.dll
  2⤵
  PID:2004

memory/884-54-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/2004-55-0x0000000000000000-mapping.dmp

Download
memory/2004-56-0x0000000075DF1000-0x0000000075DF3000-memory.dmp

Filesize
8KB

Download