9c2cc50a7056848da7cfd740da4ccc1eb0f0a79b0f08d89296980ccd0dbe5b1b

Analysis

max time kernel
35s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
28/10/2022, 20:09

Target

9c2cc50a7056848da7cfd740da4ccc1eb0f0a79b0f08d89296980ccd0dbe5b1b.dll
Size

224KB
MD5

0045357470e13bdea4ca00082b960750
SHA1

7e6c24c14d11a678689c8ac0452cd2cc2ac17da7
SHA256

9c2cc50a7056848da7cfd740da4ccc1eb0f0a79b0f08d89296980ccd0dbe5b1b
SHA512

45bf75ac6d87b4b9d7036f5f2b636764092a4d04f5c070629c079ead87a74c169f96f6c299237ba087b08ebc7cc9189ab4d05b451b2921e7e2f72adef715d06b
SSDEEP

6144:ChFaaWEFWdh7e+suQ710uI01niVyxHXaBWUc42wwV:CiJEFIh76Dfim

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17
PID 1956 wrote to memory of 1256	1956	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9c2cc50a7056848da7cfd740da4ccc1eb0f0a79b0f08d89296980ccd0dbe5b1b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9c2cc50a7056848da7cfd740da4ccc1eb0f0a79b0f08d89296980ccd0dbe5b1b.dll
  2⤵
  PID:1256

memory/1256-56-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/1956-54-0x000007FEFBF21000-0x000007FEFBF23000-memory.dmp

Filesize
8KB

Download