17f00476ba3b80b94fe3205f017436657200c33bdc14810a4520dd46c98f4deb

Analysis

max time kernel
35s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 17:03

Target

17f00476ba3b80b94fe3205f017436657200c33bdc14810a4520dd46c98f4deb.dll
Size

673KB
MD5

17497fb89361244f5df0925a42ff00bc
SHA1

713e29c93e1faaebbc10eca53bc5917287495652
SHA256

17f00476ba3b80b94fe3205f017436657200c33bdc14810a4520dd46c98f4deb
SHA512

8dab1876bf965b548faf4cb07e71799263c30b6ff04be2f6374124bff03ab4eb8290790e5b4e7648f8b001bfcead9476311c6cdcae21353701186ba80a5e828f
SSDEEP

6144:4xpP4xjVMOm+sjywDGbgYe57PHp64yMQfv3yWTJqDh1zHINTJe1wDbDLxNQXItR:4xR0V09ywqbgBPc6dlHIuifD1t

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe
PID 1088 wrote to memory of 2032	1088	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17f00476ba3b80b94fe3205f017436657200c33bdc14810a4520dd46c98f4deb.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1088

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\17f00476ba3b80b94fe3205f017436657200c33bdc14810a4520dd46c98f4deb.dll
2⤵
PID:2032

memory/1088-54-0x000007FEFC431000-0x000007FEFC433000-memory.dmp

Filesize
8KB

Download
memory/2032-55-0x0000000000000000-mapping.dmp

Download
memory/2032-56-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/2032-57-0x00000000593F0000-0x000000005949B000-memory.dmp

Filesize
684KB

Download