92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 05:27

Target

92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2.dll
Size

85KB
MD5

321ee307ff59c64f6f1ce60774b3c310
SHA1

630b27da0789027529fc64a2645411d523b8b5ba
SHA256

92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2
SHA512

135be0fef7a85d6ff44b15001118ffe71f2fef0ddbc282bca891dede215c986957a24813aa38a5135561348808c10bb9cf5479cfaa0972842e01ae19c3a78131
SSDEEP

1536:TUjTpjMKgKvC2qioi1qDvq6nbrOZuCTMPzjxXQGblyU:TYgsZ1WvJnHOvTMPhbB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27
PID 1976 wrote to memory of 1160	1976	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\92124fe74522fe74e02cfc00c54c8dfe9156119091ce3db0509312152520c8d2.dll
  2⤵
  PID:1160

memory/1160-56-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download
memory/1160-57-0x00000000001C0000-0x00000000001FF000-memory.dmp

Filesize
252KB

Download
memory/1976-54-0x000007FEFC511000-0x000007FEFC513000-memory.dmp

Filesize
8KB

Download