e1e740508b378af4940800995e3edcf80c720d3467f07b3f341bc82cf64c5933

Analysis

max time kernel
45s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 10:54

Target

e1e740508b378af4940800995e3edcf80c720d3467f07b3f341bc82cf64c5933.dll
Size

17KB
MD5

b44346ac6046bfda87ef65eb7c2479ac
SHA1

b54c24b9275ad486ca2784afbfaee2828c7ac89e
SHA256

e1e740508b378af4940800995e3edcf80c720d3467f07b3f341bc82cf64c5933
SHA512

593fbdec9a532048fcde78df40548a118d179d9778a7929f806e304c430c422fd0c4d75862bcf29d4f39e753bc05e997b6b80578ba386fb878ab237105bd7765
SSDEEP

384:YWFD8j8WuGoSnJT/lORcLj4xG3wV03/QCkPaBAXsM6U6C0cx5VhG:EjoGPjEGjaQwVJvNXsM6AjG

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27
PID 1252 wrote to memory of 1776	1252	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e1e740508b378af4940800995e3edcf80c720d3467f07b3f341bc82cf64c5933.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e1e740508b378af4940800995e3edcf80c720d3467f07b3f341bc82cf64c5933.dll
  2⤵
  PID:1776

memory/1252-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

Filesize
8KB

Download
memory/1776-56-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download