9ff6ed22b0bb27e9a7f62891966d86c6cb81c6100adffe2e1a257630c5b91ed2

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 07:06

Target

9ff6ed22b0bb27e9a7f62891966d86c6cb81c6100adffe2e1a257630c5b91ed2.dll
Size

116KB
MD5

6667340d60b23e94cfb992c4246bafe3
SHA1

455891bd0ef73120f97f7edf567954928d70d379
SHA256

9ff6ed22b0bb27e9a7f62891966d86c6cb81c6100adffe2e1a257630c5b91ed2
SHA512

a9e2d9af3951815c4b6d22354b6fabc506e90986b27b3f58025e4f2f6c12c25bc15071dd23964c31d35d53c5b63e91a3a1054dea12c45737cf98fb4220e20324
SSDEEP

1536:t395XZIcLULq26TtxohYBNxTxKaelcIJCcBIkLjV5By+ULvNsWbr0OP/rEtJWAEN:ZHXZI76TvhxT4LtV33klsWBPQt4AEN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28
PID 1760 wrote to memory of 1992	1760	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9ff6ed22b0bb27e9a7f62891966d86c6cb81c6100adffe2e1a257630c5b91ed2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9ff6ed22b0bb27e9a7f62891966d86c6cb81c6100adffe2e1a257630c5b91ed2.dll
  2⤵
  PID:1992

memory/1760-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

Filesize
8KB

Download
memory/1992-56-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download