351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad

Analysis

max time kernel
7s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 00:14 UTC

Target

351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad.dll
Size

588KB
MD5

104ffe9cb1c8e06559120a6506465731
SHA1

6a55685be0d8317064fb341a52d02aa6a8cffab4
SHA256

351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad
SHA512

c6f1e809cb3dc99a9dd54c46487d7d55d57b6e1ee502108dd532ced8ba4eb3af6721c5f1058d9f6d6eee8dfab9782b6adb09f735a6acfcc153e852f26bacb522
SSDEEP

768:H4Rs4+D1Yi20XZ9hAVx/qtKIZ+2fJcwqVETAz4HMBbsjjRGPZMomV:esCi2iGVDIZ+nVETAzFs1foa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28
PID 1276 wrote to memory of 1344	1276	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\351dcc5131fc37d164963779064f1d68c2d0dbfcc6a6d9d1f809767457d9d6ad.dll
  2⤵
  PID:1344

memory/1276-54-0x000007FEFB731000-0x000007FEFB733000-memory.dmp

Filesize
8KB

Download
memory/1344-56-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download