7fe55c3fb8d8c56eaa0e41361dde9d4fd9ea2027cd2fa42d92c973f5cc79f421

Analysis

max time kernel
43s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 02:42

Target

7fe55c3fb8d8c56eaa0e41361dde9d4fd9ea2027cd2fa42d92c973f5cc79f421.dll
Size

588KB
MD5

fc313c2d7243499fbed35e7b432489a0
SHA1

be2287ae58f2bb23d5977c64f984d196a12350fb
SHA256

7fe55c3fb8d8c56eaa0e41361dde9d4fd9ea2027cd2fa42d92c973f5cc79f421
SHA512

fd34880697fcf01e3606c32681662fbf82e8c67ce9ccfb620e491d52d6a0dd6f36eed7db75fb1e2ec7eac52bf6ab538f10f275b24bac68c197f8510ee6c1036c
SSDEEP

1536:NGkmYRQcowbqwI81hDTlBSaDzdlK+hiKbZXw5BkH+6o9LTVNsU6:zmYRsanP1hrSaDzDZX2k+6o9LhGU6

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27
PID 1104 wrote to memory of 1732	1104	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7fe55c3fb8d8c56eaa0e41361dde9d4fd9ea2027cd2fa42d92c973f5cc79f421.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1104
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7fe55c3fb8d8c56eaa0e41361dde9d4fd9ea2027cd2fa42d92c973f5cc79f421.dll
  2⤵
  PID:1732

memory/1104-54-0x000007FEFBDB1000-0x000007FEFBDB3000-memory.dmp

Filesize
8KB

Download
memory/1732-56-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download