4077e7256a7baf7818d48ca2404257ea02fff260321338bb71ce09d99622cd83

Analysis

max time kernel
43s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 11:07

Target

4077e7256a7baf7818d48ca2404257ea02fff260321338bb71ce09d99622cd83.dll
Size

912KB
MD5

1a9b4a1120686d77b55e678d3fa409be
SHA1

00a05dbef0595d783507a0ca1877d1b434da9099
SHA256

4077e7256a7baf7818d48ca2404257ea02fff260321338bb71ce09d99622cd83
SHA512

723024817f0c53f95d9ab1dc7d1fd7f4fa4e6b1a029a57782a9cfb3270ec39f802a481fb9561db5d5d92ed3971c50dcc898e7d7c25a13c3e8a02f84a6e9cf33d
SSDEEP

12288:4liXI5mPJo2G0JK9hI1fThp163nA5NRCUEeRbCiY78j19bYE:4CI5QJo2G0JK9hYTM0FEMCilXYE

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1720	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1720	1672	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4077e7256a7baf7818d48ca2404257ea02fff260321338bb71ce09d99622cd83.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4077e7256a7baf7818d48ca2404257ea02fff260321338bb71ce09d99622cd83.dll
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1720

memory/1672-54-0x000007FEFB7F1000-0x000007FEFB7F3000-memory.dmp

Filesize
8KB

Download
memory/1720-56-0x0000000075111000-0x0000000075113000-memory.dmp

Filesize
8KB

Download