efea0efe522aa017c89d97e79a14e630728285b45ba99fef179bb6226a7883e6

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 16:15

Target

efea0efe522aa017c89d97e79a14e630728285b45ba99fef179bb6226a7883e6.dll
Size

14.6MB
MD5

46701c9b6b1261b99d2a63b972ea7cc4
SHA1

cb06c62d91b1376a0d71194d3b7d13a922e0f20a
SHA256

efea0efe522aa017c89d97e79a14e630728285b45ba99fef179bb6226a7883e6
SHA512

cd78afd46988eba877cd39e5b472470fce413c09ab77144d439800c6818aa4f080fe6f2c382530e6c40be169a1d6927709e11d98b1c2eb7d674b14b61d1e0829
SSDEEP

384:58V4cigsBljIMtncRrtDC9tgtDsmpjor2FCjuXcwTbW532u/0kqUUslrLhfgCxiZ:yKjjIMtcRrtmgtQmpkrE0uXu12ChfFxk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28
PID 1668 wrote to memory of 2008	1668	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\efea0efe522aa017c89d97e79a14e630728285b45ba99fef179bb6226a7883e6.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\efea0efe522aa017c89d97e79a14e630728285b45ba99fef179bb6226a7883e6.dll
  2⤵
  PID:2008

memory/1668-54-0x000007FEFC2B1000-0x000007FEFC2B3000-memory.dmp

Filesize
8KB

Download
memory/2008-56-0x0000000076AE1000-0x0000000076AE3000-memory.dmp

Filesize
8KB

Download