3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 04:03

Target

3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3.dll
Size

120KB
MD5

3e2efb5768857bda471e704222ca70f0
SHA1

41ec9c5d00298dc5498151a5d121798d8a7e2ec0
SHA256

3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3
SHA512

afce110642735482d1ba3c580ca154c11c5cd53159a451db68857730690433cb80c9b773b3e97b908a532f5b3359fb39a065ba58393a195e304258c77b1e7b28
SSDEEP

1536:Z+qCQmOszcIoWkwKnlAlv4Jpo0WZvozv/rEpncOO6:m3OeoyH2gNsgcOL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26
PID 2016 wrote to memory of 1128	2016	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3c24e0b57f4892ff3140ca975c48d8ea346f407e779cc70aeb070856445fc9f3.dll
  2⤵
  PID:1128

memory/1128-56-0x0000000075A71000-0x0000000075A73000-memory.dmp

Filesize
8KB

Download
memory/2016-54-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp

Filesize
8KB

Download