e5aa0b6fb338df9f1b215f2124aabf0ccf8232ac40c3344da0ac79a1946c8e6c

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
28/11/2022, 02:31

Target

e5aa0b6fb338df9f1b215f2124aabf0ccf8232ac40c3344da0ac79a1946c8e6c.dll
Size

132KB
MD5

c915ad5c8369c29d2d9c480cf4d38158
SHA1

35e3a3d8e28ce2462542dd717ab8b61a7131bb43
SHA256

e5aa0b6fb338df9f1b215f2124aabf0ccf8232ac40c3344da0ac79a1946c8e6c
SHA512

4eced771663cea04716f496e67ec28b549039d71a86503c83236d1fe94bc6c7f2c34bb5ec19806bb9d4c94fa89984d85027e8d10a6431d70a39472faa164cba0
SSDEEP

1536:w1MqHXnQowuS1Vuhnz5NBiFVCV+1Lft1PuA0/Wa:0r50gnz9iFN1LftAwa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27
PID 1272 wrote to memory of 1200	1272	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e5aa0b6fb338df9f1b215f2124aabf0ccf8232ac40c3344da0ac79a1946c8e6c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1272
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e5aa0b6fb338df9f1b215f2124aabf0ccf8232ac40c3344da0ac79a1946c8e6c.dll
  2⤵
  PID:1200

memory/1200-56-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1272-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download