83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 06:43

Target

83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00.dll
Size

588KB
MD5

87917adedd4c73c10344e2fd24dfcbd9
SHA1

2b31a90668e3bdac73073f40221946b081219fd8
SHA256

83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00
SHA512

c3051a3ba515f10a6bd83faf53b0e05160b54deba7d6ab32139aea00c19a2ae5b2d8a23ae5bb83c38325b5e02f0d91b0b4fd92e7354a3ed00903ac12693741bb
SSDEEP

768:xAIaUI1Lq0Wjckr0T2d2hXZq/oCT6Uv2h3PNnVftA2oT4qVx4nX9iAVRGPZMoZzk:iBUgJ+DITC2tO2UOJN82oT4qoN5Tfoo/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27
PID 1436 wrote to memory of 1708	1436	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\83b7f946965746388f8b1ea1c4b1a5c563b215a8bbe2e6dfadbff0527fb7db00.dll
  2⤵
  PID:1708

memory/1436-54-0x000007FEFC331000-0x000007FEFC333000-memory.dmp

Filesize
8KB

Download
memory/1708-55-0x0000000000000000-mapping.dmp

Download
memory/1708-56-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download