349349ddb1cb9390c1800fee8453317476ae24c787649390e55f4105e4bf447f

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 09:51

Target

349349ddb1cb9390c1800fee8453317476ae24c787649390e55f4105e4bf447f.dll
Size

128KB
MD5

99b9acad333aca05cf17c90ff4b0c240
SHA1

3b1567d80508985ba6885abc18db8c388b42167c
SHA256

349349ddb1cb9390c1800fee8453317476ae24c787649390e55f4105e4bf447f
SHA512

48787675d8396836854f9a289755fcecbc6ef8bdbf38590c79e2fac71eabaab8cf3d074c93b1f45b0c196829734972a652edd659f3e340bd4b536e98844c9728
SSDEEP

1536:6DfR/9o2LeV/dFPzmqiTyaDLhYETtyGqgo+XosiFmu1k6:6h9DeV/rPz7oqHGDo+XosiUu1k6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 1732	856	regsvr32.exe	27
PID 856 wrote to memory of 1732	856	regsvr32.exe	27
PID 856 wrote to memory of 1732	856	regsvr32.exe	27
PID 856 wrote to memory of 1732	856	regsvr32.exe	27
PID 856 wrote to memory of 1732	856	regsvr32.exe	27
PID 856 wrote to memory of 1732	856	regsvr32.exe	27
PID 856 wrote to memory of 1732	856	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\349349ddb1cb9390c1800fee8453317476ae24c787649390e55f4105e4bf447f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:856
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\349349ddb1cb9390c1800fee8453317476ae24c787649390e55f4105e4bf447f.dll
  2⤵
  PID:1732

memory/856-54-0x000007FEFC161000-0x000007FEFC163000-memory.dmp

Filesize
8KB

Download
memory/1732-56-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download