e205555fbd6d109a9a32431382bd8745d71179fbe14fb76f9ab828d9ebe7d613

Analysis

max time kernel
407s
max time network
410s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26-10-2022 23:10

Target

70ece5ae78f8dd1c2735fcdae1bc47e31e51d9d269b566739fdfdd4e8d0a6a01_unpacked.dll
Size

164KB
MD5

652cb04e3d6f4e98c15be4b24491746d
SHA1

6674de424c35f60ce4ec0de0748f42cd9358e13a
SHA256

e205555fbd6d109a9a32431382bd8745d71179fbe14fb76f9ab828d9ebe7d613
SHA512

a1ff962344c3033dd564f32427becd3f3229069421495531b454256f8b5157fa70568892c145a5b7c2ce3f90e7abdf5c3a1c176e32d3889d7b6fc8bb7554f6c6
SSDEEP

3072:lynJKNEl7ch0OsPmznxv8yNZzeH0+Q+6c5an7utrE91r6:lOKQw0qnxvOH0+x6cE7v912

Score

1^/10

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
736	regsvr32.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 1560	736	regsvr32.exe	27
PID 736 wrote to memory of 1560	736	regsvr32.exe	27
PID 736 wrote to memory of 1560	736	regsvr32.exe	27
PID 736 wrote to memory of 1560	736	regsvr32.exe	27
PID 736 wrote to memory of 1560	736	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\70ece5ae78f8dd1c2735fcdae1bc47e31e51d9d269b566739fdfdd4e8d0a6a01_unpacked.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:736
- C:\Windows\system32\regsvr32.exe
  C:\Windows\system32\regsvr32.exe "C:\Windows\system32\PJgHYobUL\KqXRwKOFhAjdCPP.dll"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560

memory/736-54-0x000007FEFB991000-0x000007FEFB993000-memory.dmp

Filesize
8KB

Download