7abb3ad0e23c56186628d55c29aacd1ee9383921840c73bb2a0821f5b16ed101

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 02:56

Target

7abb3ad0e23c56186628d55c29aacd1ee9383921840c73bb2a0821f5b16ed101.dll
Size

588KB
MD5

b6bb75e0ef0278b06c18a7c21ca2a01c
SHA1

aa4875a9148b4fc76d0d81247e009de05ec5d7ee
SHA256

7abb3ad0e23c56186628d55c29aacd1ee9383921840c73bb2a0821f5b16ed101
SHA512

cfafb57eb5dad37b3d6341c9750350b7a4e882d634e202127d74f18a3e6642a79e13d7f12b1c2466f2ec7633bad8e5e04926af6238e45b027604fb755bc5cb86
SSDEEP

768:m58e3rxYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoU/V:1BY2IGM7IZ+nVETAzFs1foc

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28
PID 1428 wrote to memory of 2036	1428	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7abb3ad0e23c56186628d55c29aacd1ee9383921840c73bb2a0821f5b16ed101.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7abb3ad0e23c56186628d55c29aacd1ee9383921840c73bb2a0821f5b16ed101.dll
  2⤵
  PID:2036

memory/1428-54-0x000007FEFBAC1000-0x000007FEFBAC3000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download