2484e82930006e74001a40a4c688dc23f09e8f0dede765af7fc2985657c6b4cb

Analysis

max time kernel
32s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 18:53

Target

2484e82930006e74001a40a4c688dc23f09e8f0dede765af7fc2985657c6b4cb.dll
Size

120KB
MD5

00cbbe2d80d3812dbed166c0a64baee5
SHA1

e372993ceb84983e76c8dfe664452aa9f8edc8bb
SHA256

2484e82930006e74001a40a4c688dc23f09e8f0dede765af7fc2985657c6b4cb
SHA512

b1371a17e75df3c0645f3406a291b0ed57a8a3953b874773b4804df99fa508f1a8241df26476b36dba4b39ca7d2657257979d4d7944e7348176c03b21bf851a5
SSDEEP

1536:JhqqQFDf6MmbFmWImx6Ay15WnDQYEM6ss144:liDfUoDm4A5nDQ1f

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1988	900	regsvr32.exe	27
PID 900 wrote to memory of 1988	900	regsvr32.exe	27
PID 900 wrote to memory of 1988	900	regsvr32.exe	27
PID 900 wrote to memory of 1988	900	regsvr32.exe	27
PID 900 wrote to memory of 1988	900	regsvr32.exe	27
PID 900 wrote to memory of 1988	900	regsvr32.exe	27
PID 900 wrote to memory of 1988	900	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2484e82930006e74001a40a4c688dc23f09e8f0dede765af7fc2985657c6b4cb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:900
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2484e82930006e74001a40a4c688dc23f09e8f0dede765af7fc2985657c6b4cb.dll
  2⤵
  PID:1988

memory/900-54-0x000007FEFB5C1000-0x000007FEFB5C3000-memory.dmp

Filesize
8KB

Download
memory/1988-56-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download