b58d891ff68b42d0344b3babba570381a0d8d80461c694d283ef7513f0f6f444

Analysis

max time kernel
17s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30/11/2022, 22:55

Target

b58d891ff68b42d0344b3babba570381a0d8d80461c694d283ef7513f0f6f444.dll
Size

588KB
MD5

194d11bc29a48ccaff4604efdb15accb
SHA1

257cc49ccdf4152d5b9bfb5b1c076904aaa0da42
SHA256

b58d891ff68b42d0344b3babba570381a0d8d80461c694d283ef7513f0f6f444
SHA512

fd12c984b335b93de20d2f64e0cdc660ba45faea1842613bbe4a05e1953d798082b5fe6638920cc3b056d26494556e434bbb6420ae33ad81a8f3dcf59e4b14c7
SSDEEP

768:y58e3rfYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMo0/V:pvY2IGM7IZ+nVETAzFs1fo8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 1140	940	regsvr32.exe	28
PID 940 wrote to memory of 1140	940	regsvr32.exe	28
PID 940 wrote to memory of 1140	940	regsvr32.exe	28
PID 940 wrote to memory of 1140	940	regsvr32.exe	28
PID 940 wrote to memory of 1140	940	regsvr32.exe	28
PID 940 wrote to memory of 1140	940	regsvr32.exe	28
PID 940 wrote to memory of 1140	940	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b58d891ff68b42d0344b3babba570381a0d8d80461c694d283ef7513f0f6f444.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:940
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b58d891ff68b42d0344b3babba570381a0d8d80461c694d283ef7513f0f6f444.dll
  2⤵
  PID:1140

memory/940-54-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/1140-56-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download