a73a2a62ae4af9cf902a4a2b11a650913abcecab22d322bb11be0c6df5fdcb27

Analysis

max time kernel
21s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07-11-2022 05:10

Target

a73a2a62ae4af9cf902a4a2b11a650913abcecab22d322bb11be0c6df5fdcb27.dll
Size

20KB
MD5

0f28c728e7767b55f06862af0023bc4a
SHA1

9a8326943a893dd155e8bdf20f0a7e3258523f5e
SHA256

a73a2a62ae4af9cf902a4a2b11a650913abcecab22d322bb11be0c6df5fdcb27
SHA512

241d6df78659312b4815bf4dd0e8dd289e353f32f32a634e49132e87376b1f190cd0dab76a4d08a6ea4e8a64e539d53319187b2f52b8fbd662a31b082dc95f31
SSDEEP

384:4+WWTEcWgo1j6oGrC8NkIQPMyG+9lIvgkRUKmYB5oLrRYJIjnQohRIBS:41jJDL8NkNP6+9lIgKm7LtOynpSS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28
PID 1792 wrote to memory of 1780	1792	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a73a2a62ae4af9cf902a4a2b11a650913abcecab22d322bb11be0c6df5fdcb27.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a73a2a62ae4af9cf902a4a2b11a650913abcecab22d322bb11be0c6df5fdcb27.dll
  2⤵
  PID:1780

memory/1780-55-0x0000000000000000-mapping.dmp

Download
memory/1780-56-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download
memory/1792-54-0x000007FEFBD01000-0x000007FEFBD03000-memory.dmp

Filesize
8KB

Download