dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030

Analysis

max time kernel
14s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 04:18

Target

dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
Size

136KB
MD5

727037421b12339457ffe41cba3000ef
SHA1

5b67a6a44e71fac0d94e2b422e7136e7db64cef1
SHA256

dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030
SHA512

d60efe53e3d57be396a0149debc6bb80cc07ec0835f6fabffff5586a7edb3f999ecbbc8cfb41cc6d5fbf83883b83fd207aa90834455d025985f16e497665c950
SSDEEP

3072:B6ptVlj+ozm4Xu11OWT2yNZscdmxU8R0X7rNtP4I3g5CaUs4t4cQ/+:asTOWT2yNZsrv0X7rr5g

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 1328	1144	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1144

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\dc0c8347ab188abd5a946b4f736412b4ff9e246a2c3015f7707e7cf32754f030.dll
2⤵
PID:1328

memory/1144-54-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmp

Filesize
8KB

Download
memory/1328-55-0x0000000000000000-mapping.dmp

Download
memory/1328-56-0x0000000075F01000-0x0000000075F03000-memory.dmp

Filesize
8KB

Download