b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 13:21

Target

b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25.dll
Size

65KB
MD5

586461220debc3120aa5aa2aa1c0a723
SHA1

da7df07441fc2ae51fae095845e5f6717cb3558c
SHA256

b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25
SHA512

c483f79af560ba9a09395fd8de5bb5497498393f0e950306e3d706e66dd7084094dfd08d46c45c9c9e9b2b35890a79c7a78e8d926f04149ab14824ccdf69dd97
SSDEEP

768:9dkl/S28qHqfO1YkIYkOYqgmhhhfDVevQcnCSDCOehh2vd9ayK74UAMEGzsmKQkw:9GSRqHq21UYzyok4QCJOpv7ayK7HX5

Score

7^/10

Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

1936 regsvr32.exe

pid	process
1936	regsvr32.exe

Suspicious use of WriteProcessMemory 14 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 2008 wrote to memory of 960	2008	rundll32.exe	rundll32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe
PID 960 wrote to memory of 1936	960	rundll32.exe	regsvr32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2008

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b237a4a02cbd9135a2ee1a245ba19dfcf294c2d9e109b45081d93d5546d7bf25.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:960

C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\System32\regsvr32.exe" /s C:\Users\Admin\AppData\Local\Temp\255D.tmp
3⤵
- Loads dropped DLL
PID:1936

C:\Users\Admin\AppData\Local\Temp\255D.tmp
Filesize
43KB

MD5
f1f31c7bdc88d7efcff63dfe6cdf2ad0

SHA1
7b776bebff717b610c400e4b85e758dbc5dbc511

SHA256
9373e9ae157b3b25811efe441105b099047d0adf67426e42202f5d3acc5aa847

SHA512
1c4c8987378d438dc988e2af4e2eadf260ff527824de0402efc6ea21db34629fa949c1464402cc4712e57802eff80661c7b1633aba4ed2cc4b9d1abf154efc9a

Download Submit
\Users\Admin\AppData\Local\Temp\255D.tmp
Filesize
43KB

MD5
f1f31c7bdc88d7efcff63dfe6cdf2ad0

SHA1
7b776bebff717b610c400e4b85e758dbc5dbc511

SHA256
9373e9ae157b3b25811efe441105b099047d0adf67426e42202f5d3acc5aa847

SHA512
1c4c8987378d438dc988e2af4e2eadf260ff527824de0402efc6ea21db34629fa949c1464402cc4712e57802eff80661c7b1633aba4ed2cc4b9d1abf154efc9a

Download Submit
memory/960-54-0x0000000000000000-mapping.dmp

Download
memory/960-55-0x00000000753D1000-0x00000000753D3000-memory.dmp

Filesize
8KB

Download
memory/960-56-0x0000000000100000-0x0000000000114000-memory.dmp

Filesize
80KB

Download
memory/960-58-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1936-57-0x0000000000000000-mapping.dmp

Download