256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 06:09

Target

256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
Size

588KB
MD5

694e1aaf95998636f98392c303114b90
SHA1

3ec74379035c9a55b277f989e35e928b25707954
SHA256

256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d
SHA512

8d3fd1a7692db50a492f6a7e0a6d7362877c311bacf1718a3c45cd72d8df5a0dfe54c4640571536066cc66824b93b68e63bf82a4f50a71053e9e93d1acc1916c
SSDEEP

768:h58e3riYY2uXZ9hAVaYUStKIZ+2fJcwqVETAz4HMBbsjjRGPZMo2/V:U+Y2IGM7IZ+nVETAzFs1foC

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2032	1408	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\256abfe8b90ee5c0d29866f00eca375135c4d28139f5694b0f08f1659c23809d.dll
  2⤵
  PID:2032

memory/1408-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmp

Filesize
8KB

Download
memory/2032-56-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download