2d418e4156e9843c7241a9ccd3921a3f352c9fc458c30b40167720f84141d600

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 09:04

Target

2d418e4156e9843c7241a9ccd3921a3f352c9fc458c30b40167720f84141d600.dll
Size

101KB
MD5

803017197725fb8bd5ba2635f1166265
SHA1

4b943775910b42589279fae8d60f1ba34535716e
SHA256

2d418e4156e9843c7241a9ccd3921a3f352c9fc458c30b40167720f84141d600
SHA512

c24fb0bf0ebbd9908ad1b8835907b50f4239c8024e45278df84d959a575b908665b6763deae851fe00213bba67820cf597bda0a5658399965dfddea31bb3ba0b
SSDEEP

1536:nhd7JB21pE0nPQT4XWK6qniv0tEZmN/Cu2iK1R0VX4qYdW107JEwhDMCC4EYM8Mt:u/6zv0ip0VbOEdYMHnWot

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d418e4156e9843c7241a9ccd3921a3f352c9fc458c30b40167720f84141d600.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d418e4156e9843c7241a9ccd3921a3f352c9fc458c30b40167720f84141d600.dll
  2⤵
  PID:1548

memory/1132-54-0x000007FEFB8D1000-0x000007FEFB8D3000-memory.dmp

Filesize
8KB

Download
memory/1548-56-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download
memory/1548-57-0x0000000000230000-0x0000000000276000-memory.dmp

Filesize
280KB

Download