8f7e48d78cdd0936e75469d934386ab6e30f9a8faea332297b174e6071b19319

Analysis

max time kernel
48s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 23:09

Target

8f7e48d78cdd0936e75469d934386ab6e30f9a8faea332297b174e6071b19319.dll
Size

268KB
MD5

912b529fe4581cbd1f2e2567ecc0d254
SHA1

6fcaf3499ff9881dfe6eb67a1c2c2b73590fa22e
SHA256

8f7e48d78cdd0936e75469d934386ab6e30f9a8faea332297b174e6071b19319
SHA512

bf3e1e41c3d1d6e6e5388c45fcc9344b5da245ba9b559f2d3a254f4694bc46bc32ed670bc1c0689c9bcd00f01dbc57df021e81f7621adb263d39e47f14481cc2
SSDEEP

6144:FT1WGsZOHWj7+gRnrmIjm347FLfPFsVHDqj4:FT1tsZOE+gdrhK3MnFsVR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26
PID 1544 wrote to memory of 1612	1544	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8f7e48d78cdd0936e75469d934386ab6e30f9a8faea332297b174e6071b19319.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8f7e48d78cdd0936e75469d934386ab6e30f9a8faea332297b174e6071b19319.dll
  2⤵
  PID:1612

memory/1544-54-0x000007FEFBB71000-0x000007FEFBB73000-memory.dmp

Filesize
8KB

Download
memory/1612-56-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download