cb4daa4702752d92c8427c377353efbd27e9fadf2763e58216479fe320e876f0

Analysis

max time kernel
26s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23/11/2022, 20:16

Target

cb4daa4702752d92c8427c377353efbd27e9fadf2763e58216479fe320e876f0.dll
Size

120KB
MD5

438834183cc8c4f95fe104cee5f3b2b2
SHA1

203f236ca69d8e8ddfe72dc749af6aa80f2b8fd0
SHA256

cb4daa4702752d92c8427c377353efbd27e9fadf2763e58216479fe320e876f0
SHA512

b7403a99b23199b4f7d062cf13b5b0e7d16137f119c0a0d21b4ba64d766ca11d542b0725009fb7aa1ce02189b35052d2b6d0654ac33fabea617104fb9582f7a0
SSDEEP

1536:3hzGqSQGQ1ADAfRAFMFnc5ZpL/sKUo0qvvW4D3Iz:xQfQ19RtmpbbU/+vW4D3o

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 536	688	regsvr32.exe	28
PID 688 wrote to memory of 536	688	regsvr32.exe	28
PID 688 wrote to memory of 536	688	regsvr32.exe	28
PID 688 wrote to memory of 536	688	regsvr32.exe	28
PID 688 wrote to memory of 536	688	regsvr32.exe	28
PID 688 wrote to memory of 536	688	regsvr32.exe	28
PID 688 wrote to memory of 536	688	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cb4daa4702752d92c8427c377353efbd27e9fadf2763e58216479fe320e876f0.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:688
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cb4daa4702752d92c8427c377353efbd27e9fadf2763e58216479fe320e876f0.dll
  2⤵
  PID:536

memory/536-56-0x0000000074D61000-0x0000000074D63000-memory.dmp

Filesize
8KB

Download
memory/688-54-0x000007FEFB801000-0x000007FEFB803000-memory.dmp

Filesize
8KB

Download