2373e15593bc890756488c13e7c69011b56d83172489ae43862bc9074aeb37c8

Analysis

max time kernel
4s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:16

Target

2373e15593bc890756488c13e7c69011b56d83172489ae43862bc9074aeb37c8.dll
Size

128KB
MD5

1d32095a7f7623ecf8d1d883b085bb70
SHA1

5cc31b79b829436094973925b7f1e8a8e3bed91e
SHA256

2373e15593bc890756488c13e7c69011b56d83172489ae43862bc9074aeb37c8
SHA512

ef5d2bf8299822515b90563e38efc8a4424c3479fead20498b9fce8f0b5d3e4382818bac41cb8ba4187ed3b31de9d41566bdc5736c555588f048269f07313f2a
SSDEEP

768:AECaqTQ+hW807aX4U9MNboBCDY1gru8qSFXVsRrEAjQZgV2ggxbbEKc9X0MrYPv7:QaqTQF7aX4LN5yK+VEAjuOwt80MEvjX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 820 wrote to memory of 952	820	regsvr32.exe	28
PID 820 wrote to memory of 952	820	regsvr32.exe	28
PID 820 wrote to memory of 952	820	regsvr32.exe	28
PID 820 wrote to memory of 952	820	regsvr32.exe	28
PID 820 wrote to memory of 952	820	regsvr32.exe	28
PID 820 wrote to memory of 952	820	regsvr32.exe	28
PID 820 wrote to memory of 952	820	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2373e15593bc890756488c13e7c69011b56d83172489ae43862bc9074aeb37c8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:820
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2373e15593bc890756488c13e7c69011b56d83172489ae43862bc9074aeb37c8.dll
  2⤵
  PID:952

memory/820-54-0x000007FEFBAC1000-0x000007FEFBAC3000-memory.dmp

Filesize
8KB

Download
memory/952-56-0x0000000075591000-0x0000000075593000-memory.dmp

Filesize
8KB

Download