dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26

Analysis

max time kernel
36s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 16:24

Target

dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
Size

224KB
MD5

2b76654e120996f5d6a7eca2ccaf4cd3
SHA1

33cf25419948b244bc082f1cefd949dc2ac96ec2
SHA256

dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26
SHA512

24b96e4e7026695ee62b2b92402cbfbb8d205888c195938bd1c16cc7f2c321b8ba66e2d389b124c2f5629c9e484f066f2b2cbce339e8ed6fd4c780054bd15a2f
SSDEEP

3072:LJZ5h3uc6z/TBdSITmxrT7fsVwiMAQHp8EQreRpYlutDlemSLH4x:lZOtz2ITc6Yp8EQreQGB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28
PID 2020 wrote to memory of 912	2020	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dc59cb56371f411b4d9bb0bd470ff8f0dd6d691d7ce87298db6883f37cf2fc26.exe
  2⤵
  PID:912

memory/912-56-0x00000000751A1000-0x00000000751A3000-memory.dmp

Filesize
8KB

Download
memory/2020-54-0x000007FEFBD01000-0x000007FEFBD03000-memory.dmp

Filesize
8KB

Download