bf2c803e04bdc70a45ef8b6180b956c8345858a88afa0341c1fc9358f73b3f77

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 18:03

Target

bf2c803e04bdc70a45ef8b6180b956c8345858a88afa0341c1fc9358f73b3f77.dll
Size

236KB
MD5

0e75cce66d891ac7b7e1cbfbbc02fa57
SHA1

f3dd960ede293f16cc0f73772cba0341a4b7a39a
SHA256

bf2c803e04bdc70a45ef8b6180b956c8345858a88afa0341c1fc9358f73b3f77
SHA512

64f749d772447582b5439d218e3c37d9b4ae770d156ffd97fa40ff42e2de2c27ab0a6fc8724511e42fe1e663d4198333f0b28db931760f33cdba50eb5a146d68
SSDEEP

6144:0N2EkHSib6SWhezgdexU42C8XRfj8XRfX:FHSie6soW42C8XRfj8XRfX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27
PID 1328 wrote to memory of 1524	1328	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bf2c803e04bdc70a45ef8b6180b956c8345858a88afa0341c1fc9358f73b3f77.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bf2c803e04bdc70a45ef8b6180b956c8345858a88afa0341c1fc9358f73b3f77.dll
  2⤵
  PID:1524

memory/1328-54-0x000007FEFBC31000-0x000007FEFBC33000-memory.dmp

Filesize
8KB

Download
memory/1524-56-0x0000000075FE1000-0x0000000075FE3000-memory.dmp

Filesize
8KB

Download