ae863a881fd5ad7ea77af256beaad079bc1bf8145cab845488c846a7c35a2d7d

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 11:09

Target

ae863a881fd5ad7ea77af256beaad079bc1bf8145cab845488c846a7c35a2d7d.dll
Size

128KB
MD5

2107c098d96acc92446116863c569622
SHA1

2ab4ce01e26a3101484d543e2e1c4648e79c9d2c
SHA256

ae863a881fd5ad7ea77af256beaad079bc1bf8145cab845488c846a7c35a2d7d
SHA512

a6d645453ab6f94bbf1421d4c247378edae7f91fb19717e83686f9d53e2227b1ada4992681a4deee84c3c31710dfb0cc88bb33a6b8d1ef99430e46531f85c75d
SSDEEP

1536:/kUgJ+DiTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrz3:8TTOubqoNNfoh

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27
PID 1456 wrote to memory of 1068	1456	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ae863a881fd5ad7ea77af256beaad079bc1bf8145cab845488c846a7c35a2d7d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ae863a881fd5ad7ea77af256beaad079bc1bf8145cab845488c846a7c35a2d7d.dll
  2⤵
  PID:1068

memory/1068-56-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download
memory/1456-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmp

Filesize
8KB

Download