651376c36eec23cc11fb73e2577e1cf551ffbe28ff01dd00d5a2872853fc9b43

Analysis

max time kernel
42s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 21:09

Target

651376c36eec23cc11fb73e2577e1cf551ffbe28ff01dd00d5a2872853fc9b43.dll
Size

174KB
MD5

06587f43bdf6c856fd0b8c8efaa89aa0
SHA1

a782eb8eda5b9da27b52be121f0e620c6f5b443f
SHA256

651376c36eec23cc11fb73e2577e1cf551ffbe28ff01dd00d5a2872853fc9b43
SHA512

ac53ff8eeabc6a38c44606f2fed75b6bbf1b908badfe08a33e5246fa102edca1c9fd098a2ad2d12326ca432de298c15983872c59fc897239619e51c89a0ab955
SSDEEP

3072:VOp3OAKkjU2t3N46LHkzMe056LLA6rBe7k9+ECfPR8vJge27bDH:VOMAKLTIKn/xrak9+HhiJL2

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\651376c36eec23cc11fb73e2577e1cf551ffbe28ff01dd00d5a2872853fc9b43.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\651376c36eec23cc11fb73e2577e1cf551ffbe28ff01dd00d5a2872853fc9b43.dll
  2⤵
  PID:1720

memory/1672-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

Filesize
8KB

Download
memory/1720-55-0x0000000000000000-mapping.dmp

Download
memory/1720-56-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download