e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4

Analysis

max time kernel
47s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 16:27

Target

e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
Size

588KB
MD5

c194c6c3f6d30a7c2ed60ab7ff82be62
SHA1

98cfc68a23613cebe6eef9d2905a795d120d6388
SHA256

e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4
SHA512

0ad786d90e1ee9689b2e8003c8acbae44e67c5525bf8ba604e38015713cf1d36f82d70e93fa7ddb5c4262276c4b061f1368bb9135707e41142e902348147a704
SSDEEP

768:Xu8eQ64b2/XZNxAVIkSi2TkKPR2fJcw61UTzS4HMwXYRRGPZMoTiR5:HVb2/GGi2npX1UTzSIoXfoTm5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27
PID 1380 wrote to memory of 824	1380	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e9c9595e0c696016c2c44932b6f2f64b748d295f3b2266e8b59e9c096cbb51d4.dll
  2⤵
  PID:824

memory/824-56-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download
memory/1380-54-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download