f9c77a728c3681991b6db2c7490ddc2952696f5b9480cb542419c4c9b1fc2781

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 06:48

Target

f9c77a728c3681991b6db2c7490ddc2952696f5b9480cb542419c4c9b1fc2781.dll
Size

816KB
MD5

31b942204dcd32f52e77e26b1fb26f10
SHA1

e948ffce824c56fdc152075e15182532abb13b61
SHA256

f9c77a728c3681991b6db2c7490ddc2952696f5b9480cb542419c4c9b1fc2781
SHA512

6cd408792e2a970ed5182c317cb839d07c1ca1bfc99b702383eacbd14f59979a61ab9f8fa4195e33f15f475afee2e71857cb9359fd61c042bfa0b64c28dcea92
SSDEEP

12288:jW6JBHx549n5QCj4yjKlpiQIuZWi3anTgoc15F8:3JXOn5ZhQWi3CTNcm

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27
PID 1096 wrote to memory of 1628	1096	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f9c77a728c3681991b6db2c7490ddc2952696f5b9480cb542419c4c9b1fc2781.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f9c77a728c3681991b6db2c7490ddc2952696f5b9480cb542419c4c9b1fc2781.dll
  2⤵
  PID:1628

memory/1096-54-0x000007FEFC291000-0x000007FEFC293000-memory.dmp

Filesize
8KB

Download
memory/1628-56-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download