15a7580a375c52695f44d70e1f9ec55c00bbbce821d5875ba8b95f99ce4503fe

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 06:31

Target

15a7580a375c52695f44d70e1f9ec55c00bbbce821d5875ba8b95f99ce4503fe.dll
Size

954KB
MD5

5eab4825b5b6b34592bc6281dbaa1c10
SHA1

1e0becf7965b55a7a0c43866b837f9b8445fdf91
SHA256

15a7580a375c52695f44d70e1f9ec55c00bbbce821d5875ba8b95f99ce4503fe
SHA512

452486034bbbaf81f1568d0aa5ac57cadce834b1ffd6e45a966f6d5d754ed288bc9bd750d1f8d9bbd435b8602fc5a30e78af5251af5291c5ac12a1548faf603d
SSDEEP

6144:NHadSQHfiInpb0mH3C3pCzFhsVb2YCrOVjuT7dVK5fiCH:NHgSWbRrS3AGGlU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28
PID 1736 wrote to memory of 2040	1736	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\15a7580a375c52695f44d70e1f9ec55c00bbbce821d5875ba8b95f99ce4503fe.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\15a7580a375c52695f44d70e1f9ec55c00bbbce821d5875ba8b95f99ce4503fe.dll
  2⤵
  PID:2040

memory/1736-54-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp

Filesize
8KB

Download
memory/2040-56-0x0000000076411000-0x0000000076413000-memory.dmp

Filesize
8KB

Download