fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 10:34

Target

fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a.dll
Size

139KB
MD5

fcb17130b4d8ff3001258385a123355e
SHA1

5ccae4ab707850d6cf6cab1a4f8367a42d41091f
SHA256

fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a
SHA512

fbd8d7f73eb1fe1f6cf9a57164ab0ac3ec7022fbbb6e5e500206f5b8c7d94d620a8b10752d076515fea43abfe23a8fbd3f6ba7d93c88be5db603d70b8b4b04af
SSDEEP

3072:3a04dCHu3Bd4j7xbSfOiMS+7yMQYr+NtJ1oLRyGlSA1:q0bIgbA8GFYr+Ntfha

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 1260	832	regsvr32.exe	28
PID 832 wrote to memory of 1260	832	regsvr32.exe	28
PID 832 wrote to memory of 1260	832	regsvr32.exe	28
PID 832 wrote to memory of 1260	832	regsvr32.exe	28
PID 832 wrote to memory of 1260	832	regsvr32.exe	28
PID 832 wrote to memory of 1260	832	regsvr32.exe	28
PID 832 wrote to memory of 1260	832	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fd1aba2152b1126945c73c206beaaf8a3b95b471678f8a6fc750841afe3b312a.dll
  2⤵
  PID:1260

memory/832-54-0x000007FEFC611000-0x000007FEFC613000-memory.dmp

Filesize
8KB

Download
memory/1260-56-0x0000000076BA1000-0x0000000076BA3000-memory.dmp

Filesize
8KB

Download