4da25085c838384622cb4aac3cb798ec32bf82819ed0374df76a401a969f0ae5

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
26/10/2022, 14:15

Target

moccasin/tenseness.dll
Size

502KB
MD5

ec9bb4426fad8b3edaf988b5e3beaa33
SHA1

db72cad6a8e87c802fc7aa71898662d1a3db0ece
SHA256

4512c97dbfd33b86702264a63eaff6c12430e5b275bf7f431f9b525d2bd913cb
SHA512

1edddf9c9984c90de5a9783b1de870a76aac18ed36238426be1770b72e8374a8ba9212d090c8aa90671bf4e03825e4ee6f5ecd57f3e16b318553e288f3d3502b
SSDEEP

6144:KSGYaRyE5Na5otGQkAVFOaqyrvAO87yH3pkNNUoGMHbn/WRCGxIIcAB:DGYGvMc5Eyzi70YNUoj7iB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28
PID 1976 wrote to memory of 1900	1976	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\moccasin\tenseness.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\moccasin\tenseness.dll
  2⤵
  PID:1900

memory/1900-56-0x0000000074AB1000-0x0000000074AB3000-memory.dmp

Filesize
8KB

Download
memory/1900-57-0x00000000740B0000-0x0000000074132000-memory.dmp

Filesize
520KB

Download
memory/1900-58-0x00000000740B0000-0x0000000074132000-memory.dmp

Filesize
520KB

Download
memory/1976-54-0x000007FEFB6D1000-0x000007FEFB6D3000-memory.dmp

Filesize
8KB

Download