4a3f719a6d2b6d54e1ed711198c4905ad33fb473e66767cc4bed976424611437

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/11/2022, 11:01

Target

4a3f719a6d2b6d54e1ed711198c4905ad33fb473e66767cc4bed976424611437.dll
Size

315KB
MD5

309a6b21816cd94fe410bf0181525440
SHA1

200d7d39d8fca31ed18f19c45946588ccb95f509
SHA256

4a3f719a6d2b6d54e1ed711198c4905ad33fb473e66767cc4bed976424611437
SHA512

c6ff22879ad566cc17c8390ab272f4836a2c48db44b1a6df5c9c063fa22c9ee5a305083fcbee58b509c917f3afadf3a6e8cf484e80590e274f2fd463366dc08f
SSDEEP

6144:5+9JrUS0oFZ9ES6RSRHsvfjp8PYLeB8l9gqXrC:5+DrUY3eMRHsH2mi8l9gqXr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27
PID 1132 wrote to memory of 1548	1132	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4a3f719a6d2b6d54e1ed711198c4905ad33fb473e66767cc4bed976424611437.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4a3f719a6d2b6d54e1ed711198c4905ad33fb473e66767cc4bed976424611437.dll
  2⤵
  PID:1548

memory/1132-54-0x000007FEFB8D1000-0x000007FEFB8D3000-memory.dmp

Filesize
8KB

Download
memory/1548-56-0x0000000075561000-0x0000000075563000-memory.dmp

Filesize
8KB

Download