2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 03:29

Target

2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34.dll
Size

636KB
MD5

801f5d4cbabe46f43beb87cb353cb2f7
SHA1

aa4b98336e110aea1d4fb07d1cfecc3870da3035
SHA256

2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34
SHA512

e5877f393fc3ff2c85cf7aadac2bc9bb381299d99bd488c3624a63bb04041b8b02f127439cd337f8b64b668bc395523d50f7d25b29c7b703a6742272d67e1bd8
SSDEEP

12288:jHztGB6l9ia4Lv68yoaaPu5vb+YF/zYwrwof8i:jJGwl9ia4Lv68yoaam5vb+u/zlUK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27
PID 1468 wrote to memory of 1124	1468	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2f3e7bef4f4d2a8e56f4b7436af1da37e2d35cba25833a838864828b8ede5e34.dll
  2⤵
  PID:1124

memory/1124-56-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1468-54-0x000007FEFC5A1000-0x000007FEFC5A3000-memory.dmp

Filesize
8KB

Download