0438bc38dccd357834265c71a0c02f93e86b1539d86e581366fa0688548d08e2

Analysis

max time kernel
4s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 19:07

Target

0438bc38dccd357834265c71a0c02f93e86b1539d86e581366fa0688548d08e2.dll
Size

600KB
MD5

f20ee9142e0dad1011a8ec4b7e42d2ea
SHA1

1de3e2d1a5c50de3781cd8100f1b8f599d50ef43
SHA256

0438bc38dccd357834265c71a0c02f93e86b1539d86e581366fa0688548d08e2
SHA512

4c784419ac0cbf69822374f98a7368f6895ba28663a1b8fd0dc2b2c4fcc4f441c532c6119ebdac526a1525d967008f34c3c311ee49a9ea5b5c98b34c058233a1
SSDEEP

12288:XhE50Kc1h6S3o1TFcrdZoPEDfXKtoYnn7Bmys:Z3o1irdePEDaSYYx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28
PID 1808 wrote to memory of 1232	1808	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0438bc38dccd357834265c71a0c02f93e86b1539d86e581366fa0688548d08e2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0438bc38dccd357834265c71a0c02f93e86b1539d86e581366fa0688548d08e2.dll
  2⤵
  PID:1232

memory/1232-56-0x0000000075991000-0x0000000075993000-memory.dmp

Filesize
8KB

Download
memory/1808-54-0x000007FEFB7C1000-0x000007FEFB7C3000-memory.dmp

Filesize
8KB

Download