59dac8873ec1f2d142a24f29f24a2e9c827633e786db99566b1b94eb38c75a18

Analysis

max time kernel
24s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 20:53

Target

59dac8873ec1f2d142a24f29f24a2e9c827633e786db99566b1b94eb38c75a18.dll
Size

14KB
MD5

00f0ba11e0c03e123142c66126304e2d
SHA1

dfd3132fb3cae2389a7801050b9b1c7ecccbc947
SHA256

59dac8873ec1f2d142a24f29f24a2e9c827633e786db99566b1b94eb38c75a18
SHA512

6cd996014a8554d3dbf0c5e3c532f332e6f221be74fb13813e8cd3ddf8f1fec16f79f45b15ceb97862b6c20f7042e54c64fdfa905abd716f74f78b0bb050cfe4
SSDEEP

384:WwMe1QydjkgrwqCnPV0GDWpu/1oXy5d5W:Wvjymlqot0GqpuuE

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe
PID 1544 wrote to memory of 1280	1544	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\59dac8873ec1f2d142a24f29f24a2e9c827633e786db99566b1b94eb38c75a18.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\59dac8873ec1f2d142a24f29f24a2e9c827633e786db99566b1b94eb38c75a18.dll
  2⤵
  PID:1280

memory/1280-55-0x0000000000000000-mapping.dmp

Download
memory/1280-56-0x0000000074C41000-0x0000000074C43000-memory.dmp

Filesize
8KB

Download
memory/1544-54-0x000007FEFB861000-0x000007FEFB863000-memory.dmp

Filesize
8KB

Download