f53831df6ad53b1a6407cc19f37e99af7488b67a67f00196ef6ef46a5c00e886

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 11:41

Target

f53831df6ad53b1a6407cc19f37e99af7488b67a67f00196ef6ef46a5c00e886.dll
Size

856KB
MD5

93464f64e75e47c8c8db2ab9e12844c0
SHA1

ee2cab8d6ece6e898eafd43d4f264fd88f3e1df7
SHA256

f53831df6ad53b1a6407cc19f37e99af7488b67a67f00196ef6ef46a5c00e886
SHA512

f261b543103f613ed70cef21c5d9a0be212b073073cdc9c9821b8ccb069835121a9fb32c416ee49f36ab384d94c89274f3619b1ad484dbffd576a0941d9aa114
SSDEEP

12288:saL5EdlJWxvTBOIuoV80sdf0uRbiKT0oFTpM:lL5EdlJMlo8uRb3TRp6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f53831df6ad53b1a6407cc19f37e99af7488b67a67f00196ef6ef46a5c00e886.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f53831df6ad53b1a6407cc19f37e99af7488b67a67f00196ef6ef46a5c00e886.dll
  2⤵
  PID:1720

memory/1672-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

Filesize
8KB

Download
memory/1720-56-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download