0543aed714abc06aac367f72a3db5ee7d75b07dd24a7aa139160edccbdcf57c1

Analysis

max time kernel
2s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 09:18

Target

0543aed714abc06aac367f72a3db5ee7d75b07dd24a7aa139160edccbdcf57c1.dll
Size

100KB
MD5

1aea211ded285874fdb0475cebea4c00
SHA1

5923bab41f92ee37851b4ff479c45b70d965f6da
SHA256

0543aed714abc06aac367f72a3db5ee7d75b07dd24a7aa139160edccbdcf57c1
SHA512

b687bbf856d80358d6c5e7b34d1fc255effc462b8a842a7257ef6171a8e067cd7a795c68eb9d5487bc8cf87618b57da217b897cb6e93d14413e659c93355b2d5
SSDEEP

1536:PGnLycSjowbqwI81IDTlBiTD5dwK+hijbSkw5Bku+6ovAj+ZRXIj:2LycFanP1IriTD58Dk+d+6ovAj8yj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 960 wrote to memory of 944	960	regsvr32.exe	27
PID 960 wrote to memory of 944	960	regsvr32.exe	27
PID 960 wrote to memory of 944	960	regsvr32.exe	27
PID 960 wrote to memory of 944	960	regsvr32.exe	27
PID 960 wrote to memory of 944	960	regsvr32.exe	27
PID 960 wrote to memory of 944	960	regsvr32.exe	27
PID 960 wrote to memory of 944	960	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0543aed714abc06aac367f72a3db5ee7d75b07dd24a7aa139160edccbdcf57c1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:960
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0543aed714abc06aac367f72a3db5ee7d75b07dd24a7aa139160edccbdcf57c1.dll
  2⤵
  PID:944

memory/944-56-0x0000000075141000-0x0000000075143000-memory.dmp

Filesize
8KB

Download
memory/960-54-0x000007FEFB931000-0x000007FEFB933000-memory.dmp

Filesize
8KB

Download