5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f

Analysis

max time kernel
42s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30/10/2022, 17:54

Target

5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f.dll
Size

120KB
MD5

81eb26b6ede37c9c102ea83c39a0a9ec
SHA1

672d6b6c3328c4591d2c2b31271a14c379c68ca5
SHA256

5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f
SHA512

5f674b0be448c5d492b108e2c548284c0bd79cfedebcc16a1e20f394ded5841f194ba3de7852705af50749e6bb3ca01ae9cfe6bab34ecfab3bf8f16ab29152da
SSDEEP

1536:VnqYQRYv/hV6oqoBtutAughNWa4aoOYAoocVv:J0YtqoTjWa4lOAZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27
PID 1944 wrote to memory of 1196	1944	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5b88b1808481d051afc36cc5461b8da5caf33e8ea45ade7df57ddf05e669275f.dll
  2⤵
  PID:1196

memory/1196-56-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/1944-54-0x000007FEFC511000-0x000007FEFC513000-memory.dmp

Filesize
8KB

Download