f7a0c3dc55d63b64c2e46124da4262aafd8bac488e328cfba63357474581e416

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 09:20

Target

f7a0c3dc55d63b64c2e46124da4262aafd8bac488e328cfba63357474581e416.dll
Size

28KB
MD5

085df8b79ffa7d431bc71aebe0ef75ad
SHA1

ec71925dc9a4c841ec8fe187b76945fc371d0d09
SHA256

f7a0c3dc55d63b64c2e46124da4262aafd8bac488e328cfba63357474581e416
SHA512

5a8f3c1a6aaf054e01f38ce019793d5388b2847559228d1aa572b1cb5f97355f01ce585253e24b673a31fac7628daf2540ad3aa4efb4e4149e14d3f48fb5147f
SSDEEP

768:SKSxquONL0GQ7t8IVR2MmUnXjSOjouYreTk:2xquONL0GQ79QpUXOih

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f7a0c3dc55d63b64c2e46124da4262aafd8bac488e328cfba63357474581e416.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f7a0c3dc55d63b64c2e46124da4262aafd8bac488e328cfba63357474581e416.dll
  2⤵
  PID:1332

memory/1332-56-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1760-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download