f974dbe0eeddd300d7b285a3d8a25c828ef58c93f47cd44a55735938ee14e189

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20-10-2022 06:43

Target

f974dbe0eeddd300d7b285a3d8a25c828ef58c93f47cd44a55735938ee14e189.dll
Size

465KB
MD5

8185262e3855d0c86c69c7fcc906b7c0
SHA1

cb5042dc99dbd0ddc27685184471b6ade63fb4c1
SHA256

f974dbe0eeddd300d7b285a3d8a25c828ef58c93f47cd44a55735938ee14e189
SHA512

0268e3590ca6ec9f147a36b736c4c9ea4122e83cbe4163fe5479d2111a17a7e1f010fa98b56fef5ac5890d38e3ac4d873bfdc7aa55a2f465fbfd78ce13604591
SSDEEP

12288:qslcS+k8Meq/nxykRVbyLIxoNb0it2zsWySf0KY5nyWySf0KY5nT6Y2HhX+:fKSBeq/xykRhEHz2wq8znyq8znh2Hhu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27
PID 1060 wrote to memory of 908	1060	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f974dbe0eeddd300d7b285a3d8a25c828ef58c93f47cd44a55735938ee14e189.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f974dbe0eeddd300d7b285a3d8a25c828ef58c93f47cd44a55735938ee14e189.dll
  2⤵
  PID:908

memory/908-55-0x0000000000000000-mapping.dmp

Download
memory/908-56-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/1060-54-0x000007FEFBDE1000-0x000007FEFBDE3000-memory.dmp

Filesize
8KB

Download