4c3f3f70e643d2547056692581da7efccf568e147aee0e368491177d1b91d552

Analysis

max time kernel
37s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-10-2022 17:15

Target

4c3f3f70e643d2547056692581da7efccf568e147aee0e368491177d1b91d552.dll
Size

85KB
MD5

9153596e4f093b66bad1f3ddff04f730
SHA1

52bdfeeffdbcf0489cf3fa4c5add4c70a7ee7c41
SHA256

4c3f3f70e643d2547056692581da7efccf568e147aee0e368491177d1b91d552
SHA512

0af2e7c19a9797f1a9c6ab5aa63433d69dd1a4d32913a08b52310d9fc1eb8a1e94dc2a8dca110f1dc6e80ebc95fa2130a78c315f852b2e9f69faacf006a0472f
SSDEEP

1536:2sh17gg8XqctRo4fQVFA27LfWPutVfj+WMUYF5C07HipfDArk4kJTPDc1QrL5:/AXo4fQHA27vDAD5CTprak9d1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1960	828	regsvr32.exe	28
PID 828 wrote to memory of 1960	828	regsvr32.exe	28
PID 828 wrote to memory of 1960	828	regsvr32.exe	28
PID 828 wrote to memory of 1960	828	regsvr32.exe	28
PID 828 wrote to memory of 1960	828	regsvr32.exe	28
PID 828 wrote to memory of 1960	828	regsvr32.exe	28
PID 828 wrote to memory of 1960	828	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4c3f3f70e643d2547056692581da7efccf568e147aee0e368491177d1b91d552.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:828
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4c3f3f70e643d2547056692581da7efccf568e147aee0e368491177d1b91d552.dll
  2⤵
  PID:1960

memory/828-54-0x000007FEFB881000-0x000007FEFB883000-memory.dmp

Filesize
8KB

Download
memory/1960-56-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download