fa534e0c063b5a4d9ae283b77db02b4819fed2f1fcfd847db1668808dfd0e0ea

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 15:55

Target

fa534e0c063b5a4d9ae283b77db02b4819fed2f1fcfd847db1668808dfd0e0ea.dll
Size

1.4MB
MD5

f1f1cbe832020aab5862c61c7709dc89
SHA1

791d7a9b57ae1447fa482d4034ded9408b0dde3a
SHA256

fa534e0c063b5a4d9ae283b77db02b4819fed2f1fcfd847db1668808dfd0e0ea
SHA512

341e9190b94ad36dfc4c620b8076866d41d7a2d6c61e2c6a7a0fba65c66115eca708ae76c6a5cb0f845a93a831933b534a9959cb011131af05e7b5903fae513b
SSDEEP

24576:+7itGJpTXVm8rr5PmNtvnIi0ANulFjKLZkuDHSG6daNtZS1TiQd3jPJpSCF1:+7QGJpI8rr5UvtJ+duZ5fvNtZS1GAzPr

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27
PID 1408 wrote to memory of 2036	1408	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\fa534e0c063b5a4d9ae283b77db02b4819fed2f1fcfd847db1668808dfd0e0ea.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\fa534e0c063b5a4d9ae283b77db02b4819fed2f1fcfd847db1668808dfd0e0ea.dll
  2⤵
  PID:2036

memory/1408-54-0x000007FEFB771000-0x000007FEFB773000-memory.dmp

Filesize
8KB

Download
memory/2036-56-0x0000000074B51000-0x0000000074B53000-memory.dmp

Filesize
8KB

Download
memory/2036-57-0x0000000001FB0000-0x0000000002383000-memory.dmp

Filesize
3.8MB

Download
memory/2036-58-0x0000000000830000-0x000000000088F000-memory.dmp

Filesize
380KB

Download
memory/2036-59-0x0000000001FB0000-0x0000000002383000-memory.dmp

Filesize
3.8MB

Download