db11ed1a5f6527d82018f0baece1bc0775a73980415fbb1d1c4925d1bcd5125b

Analysis

max time kernel
27s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-12-2022 13:42

Target

db11ed1a5f6527d82018f0baece1bc0775a73980415fbb1d1c4925d1bcd5125b.dll
Size

132KB
MD5

444fc3fe8631aaebfbe9b67ddf8da53b
SHA1

83b67599489ebf9384ee7d817fcfe01c0276eb51
SHA256

db11ed1a5f6527d82018f0baece1bc0775a73980415fbb1d1c4925d1bcd5125b
SHA512

2cdfed7447931bce07af8cc0f70648230fe17519f655a26c823ebbb116902876e362ed12b0b38a52df17d5f3b6b65f773e6676aabccdfdbaa5fd14ab85a9d130
SSDEEP

3072:0F1Ptf5TSC/0hbCIojtnEvvr58tE5Q/Scew:Gld0XYner5Y/xew

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 668 wrote to memory of 1712	668	regsvr32.exe	28
PID 668 wrote to memory of 1712	668	regsvr32.exe	28
PID 668 wrote to memory of 1712	668	regsvr32.exe	28
PID 668 wrote to memory of 1712	668	regsvr32.exe	28
PID 668 wrote to memory of 1712	668	regsvr32.exe	28
PID 668 wrote to memory of 1712	668	regsvr32.exe	28
PID 668 wrote to memory of 1712	668	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\db11ed1a5f6527d82018f0baece1bc0775a73980415fbb1d1c4925d1bcd5125b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:668
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\db11ed1a5f6527d82018f0baece1bc0775a73980415fbb1d1c4925d1bcd5125b.dll
  2⤵
  PID:1712

memory/668-54-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

Filesize
8KB

Download
memory/1712-55-0x0000000000000000-mapping.dmp

Download
memory/1712-56-0x0000000075981000-0x0000000075983000-memory.dmp

Filesize
8KB

Download