eeae39b8ec94565046dcf63a5516fc46a5266e9effa1ee24fae9dcd1f611c6fd

Analysis

max time kernel
10s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
20/10/2022, 12:25

Target

eeae39b8ec94565046dcf63a5516fc46a5266e9effa1ee24fae9dcd1f611c6fd.dll
Size

164KB
MD5

4a64e853745b58a4f70d917566c948b0
SHA1

78c68f3a81a83bb8276bab954310544e7c5d1fcd
SHA256

eeae39b8ec94565046dcf63a5516fc46a5266e9effa1ee24fae9dcd1f611c6fd
SHA512

31225f09a0b89af4377c17e95426ab089a4689e9bbc1b0e6edf78e15adabddeb1483ded52bfcc991f46d3982d9eb96fe2bc7eccd288022b211900a34ef6da872
SSDEEP

3072:jU+zTL8SEs9ulWcVwUN2GjkuKZIAX9Cb8YQaYNBUpSSk/Jo6mmwe:gOTZAljVwQgX9e4Npq6mm/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28
PID 1204 wrote to memory of 684	1204	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\eeae39b8ec94565046dcf63a5516fc46a5266e9effa1ee24fae9dcd1f611c6fd.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\eeae39b8ec94565046dcf63a5516fc46a5266e9effa1ee24fae9dcd1f611c6fd.dll
  2⤵
  PID:684

memory/684-56-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/1204-54-0x000007FEFC101000-0x000007FEFC103000-memory.dmp

Filesize
8KB

Download