be74d491af3349689a71861db275b6fa70e99f64d80f15b133806204826d6b66

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21-11-2022 10:27

Target

be74d491af3349689a71861db275b6fa70e99f64d80f15b133806204826d6b66.dll
Size

1000KB
MD5

2cee2c5befd44c1eb00a1e7d76e4d1d0
SHA1

abd034a12d78114818fdd2508c3e29b7826167d7
SHA256

be74d491af3349689a71861db275b6fa70e99f64d80f15b133806204826d6b66
SHA512

45f0e8b8b3a5f77ccf3136b7ed56e0ad5c10285dadd05dddb4921320bc7246496eec5ec4ec96a1ddb278e317a753f6fef80cf46ae0ac3676d5c9857f3cde02a1
SSDEEP

12288:arzsLi03dhTpRfhQtQdPtEqIIwEFw3F2yxTnuvTCiK/aX:avsLi0thf7tEqI5EM24urJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28
PID 1212 wrote to memory of 1224	1212	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\be74d491af3349689a71861db275b6fa70e99f64d80f15b133806204826d6b66.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\be74d491af3349689a71861db275b6fa70e99f64d80f15b133806204826d6b66.dll
  2⤵
  PID:1224

memory/1212-54-0x000007FEFC581000-0x000007FEFC583000-memory.dmp

Filesize
8KB

Download
memory/1224-56-0x0000000076711000-0x0000000076713000-memory.dmp

Filesize
8KB

Download