a7c37285a5961cafe3ecfbd65f0312d4ce38833010462a46024c0a8842de319e

Analysis

max time kernel
243s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
01/12/2022, 19:57

Target

a7c37285a5961cafe3ecfbd65f0312d4ce38833010462a46024c0a8842de319e.dll
Size

128KB
MD5

aadd1c195ca58e3dbda917ad655d1221
SHA1

a5a53d9c1d75dd29bc0e62ea2935255243d485ad
SHA256

a7c37285a5961cafe3ecfbd65f0312d4ce38833010462a46024c0a8842de319e
SHA512

66f7ca28ff529273231c364022cfd5bc01f8d03aca551841ace240f8a0b9d07de7a2de9da8e09795361bee4da5d4753754d8a852ed373ca4ded5e6d35f27e45e
SSDEEP

1536:FkUgJ+DBTC2tOmXbJVaK3R0XMJ33iU5hVXl7NeLZ61due6moMNNlltdgHXTzHrzz:2QTOubqoNNfol

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 652 wrote to memory of 556	652	regsvr32.exe	28
PID 652 wrote to memory of 556	652	regsvr32.exe	28
PID 652 wrote to memory of 556	652	regsvr32.exe	28
PID 652 wrote to memory of 556	652	regsvr32.exe	28
PID 652 wrote to memory of 556	652	regsvr32.exe	28
PID 652 wrote to memory of 556	652	regsvr32.exe	28
PID 652 wrote to memory of 556	652	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a7c37285a5961cafe3ecfbd65f0312d4ce38833010462a46024c0a8842de319e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:652
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a7c37285a5961cafe3ecfbd65f0312d4ce38833010462a46024c0a8842de319e.dll
  2⤵
  PID:556

memory/556-56-0x0000000074ED1000-0x0000000074ED3000-memory.dmp

Filesize
8KB

Download
memory/652-54-0x000007FEFB691000-0x000007FEFB693000-memory.dmp

Filesize
8KB

Download