9fe2748a5840716451f33a99f4c28a8fb2f574db62e1b0a4b4e58993eab11325

Analysis

max time kernel
38s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:34

Target

9fe2748a5840716451f33a99f4c28a8fb2f574db62e1b0a4b4e58993eab11325.dll
Size

137KB
MD5

356a98c441e063c2028df6318466d83f
SHA1

d69311ec348ca4c1a3b8ac5e55a65e4fc37abcb3
SHA256

9fe2748a5840716451f33a99f4c28a8fb2f574db62e1b0a4b4e58993eab11325
SHA512

441220bbf4a271c6649ac76e6977b870ae8bf9fd994417a899c746a3cde96efd9a71fab6227f4d2a9b483ab8cb7b91616086f533297ea386064c25f33e074669
SSDEEP

3072:Dva6tOSk4eJw6BBO/ku0pBTNBoJ5Pn2+mfyGlvo:zPAd4uJTuOPae+Qo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe
PID 1812 wrote to memory of 912	1812	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9fe2748a5840716451f33a99f4c28a8fb2f574db62e1b0a4b4e58993eab11325.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1812

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9fe2748a5840716451f33a99f4c28a8fb2f574db62e1b0a4b4e58993eab11325.dll
2⤵
PID:912

memory/912-55-0x0000000000000000-mapping.dmp

Download
memory/912-56-0x0000000076091000-0x0000000076093000-memory.dmp

Filesize
8KB

Download
memory/1812-54-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

Filesize
8KB

Download