571020f9fe1dec4d2600f665c92f804db888758dedc321cb17518dbefce0ab19

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:00

Target

571020f9fe1dec4d2600f665c92f804db888758dedc321cb17518dbefce0ab19.dll
Size

128KB
MD5

9afb2c25291712d544f5565395447a50
SHA1

d8a4615012ea84c43a1b20f2a7da8f33b2422c5c
SHA256

571020f9fe1dec4d2600f665c92f804db888758dedc321cb17518dbefce0ab19
SHA512

c4a1277305d29d1b8c4f0a3f19f06a3b260c9705d830ebb4861034dbff62a6342f0b67c3074e4f98a4a33faa3b82e7100bad7e9ffb1ece0ee8fb5ea63286370b
SSDEEP

1536:TkUgJ+DzTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrzD:gyTOubqoNNfol

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28
PID 2000 wrote to memory of 1032	2000	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\571020f9fe1dec4d2600f665c92f804db888758dedc321cb17518dbefce0ab19.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\571020f9fe1dec4d2600f665c92f804db888758dedc321cb17518dbefce0ab19.dll
  2⤵
  PID:1032

memory/1032-56-0x0000000075501000-0x0000000075503000-memory.dmp

Filesize
8KB

Download
memory/2000-54-0x000007FEFBD21000-0x000007FEFBD23000-memory.dmp

Filesize
8KB

Download