cc79478f85f5a4c49ee4cab3bc95e40100ef1fe7e7943d3f212ff3ba4c44abe2

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/10/2022, 21:41

Target

cc79478f85f5a4c49ee4cab3bc95e40100ef1fe7e7943d3f212ff3ba4c44abe2.dll
Size

588KB
MD5

a1d3aa7f66b69a56ef7ceef21cc9ade0
SHA1

4ded8ae21b6796462b8d7bdb78483ee424925d78
SHA256

cc79478f85f5a4c49ee4cab3bc95e40100ef1fe7e7943d3f212ff3ba4c44abe2
SHA512

cbcc8e3e8891736b7756265a7a5774a78ce974d66c37ac91ec3160ea927dcbd82f09de0f6cba6277f82c13aa2936a024d92008b65b2cd6ebb0663746971a31c5
SSDEEP

768:GJKs4+8ySiYi20XZ9hAV5qtKIZ+2fJcwqVETAz4HMBbsjjRGPZMoFAHV:Zsqi2iG5DIZ+nVETAzFs1foFA1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28
PID 1112 wrote to memory of 1160	1112	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cc79478f85f5a4c49ee4cab3bc95e40100ef1fe7e7943d3f212ff3ba4c44abe2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1112
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cc79478f85f5a4c49ee4cab3bc95e40100ef1fe7e7943d3f212ff3ba4c44abe2.dll
  2⤵
  PID:1160

memory/1112-54-0x000007FEFBC61000-0x000007FEFBC63000-memory.dmp

Filesize
8KB

Download
memory/1160-56-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download