d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:03

Target

d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43.dll
Size

91KB
MD5

954d2f68cfaef928c6d7a47321f453f6
SHA1

6b20073cfb604924cfaabdabcca969a67f64893f
SHA256

d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43
SHA512

dcedfb7aa5d9f0379a1ea359e3fb7a614160a42c2481adbda3e7c7a1c4331beafc1b9bbe6b14194b717968f9aa859c650966f229f6a34a7f5a569e0c8325d72a
SSDEEP

1536:ClWB4fGmJ7vkPCv4fHVbtj+ncADNbuLreYdr+VXAOCdsjdQDp0WpY/A4e:ClY4+mJTkPQWVbtacAoLrRdiVgdEdQDr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28
PID 1700 wrote to memory of 1240	1700	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d5eeb99c4e8a99c5dee03f5a2d8c493bb05b8eff1705182b346d899861f4fd43.dll
  2⤵
  PID:1240

memory/1240-56-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download
memory/1240-57-0x0000000075000000-0x0000000075071000-memory.dmp

Filesize
452KB

Download
memory/1700-54-0x000007FEFC611000-0x000007FEFC613000-memory.dmp

Filesize
8KB

Download