0d3a1ed00df68a54b21422775347cb8472d6b7b53133bce4ac161dfdbcff853e

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 02:25

Target

0d3a1ed00df68a54b21422775347cb8472d6b7b53133bce4ac161dfdbcff853e.dll
Size

104KB
MD5

7790efc6f92bc0218bc8ff031013e709
SHA1

8f3b31c1844c0ea4c84ce7cb9197dc7ba0446a73
SHA256

0d3a1ed00df68a54b21422775347cb8472d6b7b53133bce4ac161dfdbcff853e
SHA512

82244d539ef2167c6634758d31e4d0d036b2d18dc1e5b652a304f28b0df8a990d67407bd47c3828522d2a80008028cc5c4e9aa2843c118b30be0b87b8d313cb9
SSDEEP

3072:c3q/gc0pVHTD17YxWpHWiQwLrGuF/Eq6xDihcc9:c3q4c6lT5UgpHDKsEq6xM

Score

1^/10

Modifies registry class 3 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RegisterControl.Register\ = "Registration Control"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RegisterControl.Register\CurVer\ = "RegisterControl.Register.1"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\RegisterControl.Register.1\ = "Registration Control"	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27
PID 2028 wrote to memory of 948	2028	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0d3a1ed00df68a54b21422775347cb8472d6b7b53133bce4ac161dfdbcff853e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0d3a1ed00df68a54b21422775347cb8472d6b7b53133bce4ac161dfdbcff853e.dll
  2⤵
  - Modifies registry class
  PID:948

memory/948-55-0x0000000000000000-mapping.dmp

Download
memory/948-56-0x00000000759F1000-0x00000000759F3000-memory.dmp

Filesize
8KB

Download
memory/948-58-0x0000000000270000-0x000000000027F000-memory.dmp

Filesize
60KB

Download
memory/948-57-0x0000000000220000-0x000000000022F000-memory.dmp

Filesize
60KB

Download
memory/2028-54-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download