fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077

Analysis

max time kernel
12s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/10/2022, 04:34

Target

fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077.dll
Size

120KB
MD5

75a288f2a374cd852090b816659c0c40
SHA1

45f3548fdae9907d21be9b3e369958920257f76e
SHA256

fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077
SHA512

3a2f3196b5c11a991e38adb7c3ad1e64dbd653559286a8d98611c18a8bbfcbc5e9b87c15252f16184e3764f27f8d75735e85743954b60632c4dc24ca1f4b9f18
SSDEEP

1536:ZhzGqSQGQ1ADAfRAFMFnc5ZpL/sxUo0qvvW4D3Ij:vQfQ19Rtmpb8U/+vW4D3c

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28
PID 1884 wrote to memory of 1676	1884	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fcef03612612f9cf5f92b4e898dab18de92a589cb3151982ee59b46b95c6f077.dll
  2⤵
  PID:1676

memory/1676-56-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download
memory/1676-57-0x00000000002B0000-0x00000000002CE000-memory.dmp

Filesize
120KB

Download
memory/1884-54-0x000007FEFBD01000-0x000007FEFBD03000-memory.dmp

Filesize
8KB

Download