f48972d5f568dfd8f43da0bc87eca4836ff3057bcea34734961a71ea6a9cfc4c

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 10:10

Target

f48972d5f568dfd8f43da0bc87eca4836ff3057bcea34734961a71ea6a9cfc4c.dll
Size

202KB
MD5

3b124988a86552ec4c97cffa13ad07b0
SHA1

cafb9b13463817e647b922be48ea647141a36d14
SHA256

f48972d5f568dfd8f43da0bc87eca4836ff3057bcea34734961a71ea6a9cfc4c
SHA512

cc113d532b0255aacf18d4a0e2e1874a2276c4c488c1289847f44ec32dec3811f64a0eadcbeeb8ec9f48522094022e3c62ca45f48a90c23f621953bcadbe6db6
SSDEEP

3072:ClNHRQjO75p5JMf4wXbTYS0oFTNOMdsI0Y5zg1txFSwkiPFt:m+9JrUS0oFZ9ESgnNkiPF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28
PID 1588 wrote to memory of 1568	1588	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f48972d5f568dfd8f43da0bc87eca4836ff3057bcea34734961a71ea6a9cfc4c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f48972d5f568dfd8f43da0bc87eca4836ff3057bcea34734961a71ea6a9cfc4c.dll
  2⤵
  PID:1568

memory/1568-56-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download
memory/1588-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

Filesize
8KB

Download