3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156

Analysis

max time kernel
23s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 14:33

Target

3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156.dll
Size

588KB
MD5

04c99da29c47f523e590e22c207263c7
SHA1

1d44023e807063d710d6085c0a89978b1259cc78
SHA256

3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156
SHA512

4026b4efcc09200a9dafec6007eaaf8616609cc6b62306b601409736dcbcdbb6aa6a6497d388d15a8806a91f4e77ff563c08c2bf92988163d8d0fa28031aa7af
SSDEEP

768:Xu8eQu4b2/XZNxAVIkSi2TkKPR2fJcw61UTzS4HMwXYRRGPZMoTiR5:Hpb2/GGi2npX1UTzSIoXfoTm5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28
PID 1960 wrote to memory of 1876	1960	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3e0d69d10ab90e9c0a9a81e884f2b9c66c24c22e99b30d3513a2986fb8104156.dll
  2⤵
  PID:1876

memory/1876-56-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/1960-54-0x000007FEFB881000-0x000007FEFB883000-memory.dmp

Filesize
8KB

Download