6039fcf4b3d79f847f7b545ae0d7767a4d58e12721b049b04ade6550eef549b9

Analysis

max time kernel
150s
max time network
144s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 10:01

Target

09bc2a1aefbafd3e7577bc3c352c82ad.dll
Size

55KB
MD5

09bc2a1aefbafd3e7577bc3c352c82ad
SHA1

eb7b0b4ce98998aa78f453e14ee1bde3319c6834
SHA256

6039fcf4b3d79f847f7b545ae0d7767a4d58e12721b049b04ade6550eef549b9
SHA512

234f10dc86467bfea7e12fcc54bde556d972ec83852f9e43e6be05e2dc1ea213b26e4f20277a3cfdaefd9970958cef70191df9f2971bf6e186a9a4cabbcd2bde
SSDEEP

1536:ogWi5BVVWsfV/hAq/ctyaAkFc+evm4VtMQtCP:jWqBVVJfVJaytAJCtS

Score

1^/10

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

regsvr32.exeregsvr32.exe

description	pid	process	target process
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 1768 wrote to memory of 988	1768	regsvr32.exe	regsvr32.exe
PID 988 wrote to memory of 1408	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1408	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1408	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1408	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1584	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1584	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1584	988	regsvr32.exe	cmd.exe
PID 988 wrote to memory of 1584	988	regsvr32.exe	cmd.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\09bc2a1aefbafd3e7577bc3c352c82ad.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1768

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\09bc2a1aefbafd3e7577bc3c352c82ad.dll
2⤵
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\SysWOW64\cmd.exe
cmd /c "echo Commands" >> C:\Users\Admin\AppData\Local\Temp\2B18.tmp
3⤵
PID:1408

C:\Windows\SysWOW64\cmd.exe
cmd /c "dir" >> C:\Users\Admin\AppData\Local\Temp\2B18.tmp
3⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\2B18.tmp
Filesize
11B

MD5
a67f2061c697fd95f6b28d89b953a51f

SHA1
6730b864104f0840fcebf04383d2e3ef7c324a48

SHA256
d4bdd82a900fea52cbd442ce8cae201982392d3533d765bfceb7682bc2d16a79

SHA512
d9cc7c1593967dbcaf358bc9d394426d97baa7bb6ddeed1767b638c85aa814276eaa3609588b720cab3b2a0b3e36d1d3833dab3e75c9c1a92b8315db61a64cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\2B18.tmp
Filesize
3KB

MD5
f9f0a6c607cebee11085a35db75b0ba0

SHA1
183f299b65a956a43f4dc4f19858d15906b3f75b

SHA256
5a6788d20ad880e76053748f1b28fb5bd1a29564bd3e7152d716277e7b7c1912

SHA512
11ae5534d25f45cad863f6250c1123b3acde0cbc59523284ff552ce4623c17669b379cafc335849bbfc1624c1613b86e85c8113cb81c01cb47b110d13f31c868

Download Submit
memory/988-55-0x0000000000000000-mapping.dmp

Download
memory/988-56-0x0000000076961000-0x0000000076963000-memory.dmp

Filesize
8KB

Download
memory/1408-57-0x0000000000000000-mapping.dmp

Download
memory/1584-58-0x0000000000000000-mapping.dmp

Download
memory/1768-54-0x000007FEFC591000-0x000007FEFC593000-memory.dmp

Filesize
8KB

Download