944460d88968758db1f6732036c36de96bf4d0c982897746f9aa0736ea9cc7cc

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 08:27

Target

944460d88968758db1f6732036c36de96bf4d0c982897746f9aa0736ea9cc7cc.dll
Size

642KB
MD5

818a108c3653c03594ede7d9c32913aa
SHA1

3e503753ed1ffa8276a3e781097e7e54377934b0
SHA256

944460d88968758db1f6732036c36de96bf4d0c982897746f9aa0736ea9cc7cc
SHA512

7e8e3ebfe7daa04c0d73dbdd1311362b8034129b161989716934ac0e8f654d284f3d73501c303e7390ca26676ff53ec555dfa361f9df0dfc4f98b2da7f8b465b
SSDEEP

12288:F6VsEx8Y9I+vbDjkvqfnNj38UESam/MSQQEy:F89Tv7aonNo5Sam/MhQE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 752 wrote to memory of 896	752	regsvr32.exe	27
PID 752 wrote to memory of 896	752	regsvr32.exe	27
PID 752 wrote to memory of 896	752	regsvr32.exe	27
PID 752 wrote to memory of 896	752	regsvr32.exe	27
PID 752 wrote to memory of 896	752	regsvr32.exe	27
PID 752 wrote to memory of 896	752	regsvr32.exe	27
PID 752 wrote to memory of 896	752	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\944460d88968758db1f6732036c36de96bf4d0c982897746f9aa0736ea9cc7cc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:752
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\944460d88968758db1f6732036c36de96bf4d0c982897746f9aa0736ea9cc7cc.dll
  2⤵
  PID:896

memory/752-54-0x000007FEFC161000-0x000007FEFC163000-memory.dmp

Filesize
8KB

Download
memory/896-56-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/896-57-0x00000000002B1000-0x0000000000338000-memory.dmp

Filesize
540KB

Download