9d6330de26ad9a5a0ff2b3c08c5cfeaa27c3ff88abb3fff33aa28e004ebdeb71

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26/10/2022, 16:45

Target

moccasin/dredgers.dll
Size

502KB
MD5

0ee2181d1bbd51aaf09a454e435a0e4a
SHA1

bad18c3ac9d479617a95487bcc1525caa411133c
SHA256

36470382b4b81c0a007ff7c41e1a852cc7d6046e23ec964aa835940dfb3bb2c5
SHA512

47de103a41a116f31d34e1504052b48683c1b633c2a06f72c1ea012c2396c387d532ed7a8045a6a820781879a8b39d93720544d214b8d1f767f52637c6372a77
SSDEEP

6144:KSGYaRyE5Na5otGQkAVFOaqyrIAO87yH3pkNNUoGMHbn/WRCGxIIcAB:DGYGvMc5EyUi70YNUoj7iB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27
PID 2032 wrote to memory of 944	2032	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\moccasin\dredgers.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\moccasin\dredgers.dll
  2⤵
  PID:944

memory/944-56-0x00000000766D1000-0x00000000766D3000-memory.dmp

Filesize
8KB

Download
memory/944-57-0x0000000074E70000-0x0000000074EF2000-memory.dmp

Filesize
520KB

Download
memory/944-58-0x0000000074E70000-0x0000000074EF2000-memory.dmp

Filesize
520KB

Download
memory/2032-54-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp

Filesize
8KB

Download