c8b19d569b0439671f80d9ec1084924046b8027be7fee90761c32fdd612f9a7b

Analysis

max time kernel
26s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 17:19

Target

c8b19d569b0439671f80d9ec1084924046b8027be7fee90761c32fdd612f9a7b.dll
Size

616KB
MD5

651cc4af31995c65acd78e57c7aa6f5d
SHA1

231b25ce12a91c0a3c509a818b00004b0cf53ce8
SHA256

c8b19d569b0439671f80d9ec1084924046b8027be7fee90761c32fdd612f9a7b
SHA512

9967fc2235e87ca055f2f17fe931f758f6c48bf64695d7edd40dbc13819c1791058d71a533f93457bd156a6c7c44709a3c84b361c431763eb93d5eb9cef76cd5
SSDEEP

12288:JhE57x9jnUzu31Hj2uZoREDfXKtorPMn7BAtU:or3Z2ueREDaSzltU

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28
PID 1968 wrote to memory of 1948	1968	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c8b19d569b0439671f80d9ec1084924046b8027be7fee90761c32fdd612f9a7b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c8b19d569b0439671f80d9ec1084924046b8027be7fee90761c32fdd612f9a7b.dll
  2⤵
  PID:1948

memory/1948-56-0x0000000075DA1000-0x0000000075DA3000-memory.dmp

Filesize
8KB

Download
memory/1968-54-0x000007FEFC631000-0x000007FEFC633000-memory.dmp

Filesize
8KB

Download