19498711700a56345f3411b00d1f9bf1fd1fcf987d6e8c4a622ff3cadbc24e32

Analysis

max time kernel
26s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 10:36

Target

19498711700a56345f3411b00d1f9bf1fd1fcf987d6e8c4a622ff3cadbc24e32.dll
Size

160KB
MD5

c2bb953c4a62e1ac14f25e0c8c1e7ae0
SHA1

fda9b517f2d4c96d812dc0e1efc865b36ac73c6a
SHA256

19498711700a56345f3411b00d1f9bf1fd1fcf987d6e8c4a622ff3cadbc24e32
SHA512

5cb916c76e059fa69465b0c5b8dbe9000cdc85ec3b189d52eefd3ee5d32e08cd68427271afdc848cb97a58a148151e11b12e1a6ecf4d5b45fdfccdf1e8d6aa2f
SSDEEP

1536:Zlwrq+Ou7payOUXQOyvoAui54ckA6l4T08C2ii2QTuT9bKRvXxICS4A66fIofl54:HdZvUXQOywfquIQleR/606fIots9HWQ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28
PID 1252 wrote to memory of 2032	1252	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\19498711700a56345f3411b00d1f9bf1fd1fcf987d6e8c4a622ff3cadbc24e32.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\19498711700a56345f3411b00d1f9bf1fd1fcf987d6e8c4a622ff3cadbc24e32.dll
  2⤵
  PID:2032

memory/1252-54-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

Filesize
8KB

Download
memory/2032-56-0x0000000076381000-0x0000000076383000-memory.dmp

Filesize
8KB

Download