a620dc619e4006b73eb731e731009df322f64b2e03fbea6456072ec42344fbac

Analysis

max time kernel
46s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 23:53

Target

a620dc619e4006b73eb731e731009df322f64b2e03fbea6456072ec42344fbac.dll
Size

588KB
MD5

0726c7e1f7595d9380fe0146e335c570
SHA1

073064eb7bd9041ab9bf61fcaa6ec97067f9b710
SHA256

a620dc619e4006b73eb731e731009df322f64b2e03fbea6456072ec42344fbac
SHA512

b51cb8e66c1601e11efa330ea414ba19d31b326be4cd372db433869d6d4618dd4f8bb8f0d81a4b7bb4d20feab3eac0f2b17c693d97d4919f23ffd75cdf3270f1
SSDEEP

768:A58e3rNYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoE/V:3hY2IGM7IZ+nVETAzFs1foM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27
PID 1444 wrote to memory of 1932	1444	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a620dc619e4006b73eb731e731009df322f64b2e03fbea6456072ec42344fbac.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a620dc619e4006b73eb731e731009df322f64b2e03fbea6456072ec42344fbac.dll
  2⤵
  PID:1932

memory/1444-54-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download
memory/1932-55-0x0000000000000000-mapping.dmp

Download
memory/1932-56-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download