17a80409273c6cb31098eb2f8dab35dace88f6b8f26a7efacdc2cb1bf013de79

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:16

Target

17a80409273c6cb31098eb2f8dab35dace88f6b8f26a7efacdc2cb1bf013de79.dll
Size

128KB
MD5

22935ce11755a3361ad63271f9dcff50
SHA1

73b84b06af27e387b08aba0842619a47a76e18e2
SHA256

17a80409273c6cb31098eb2f8dab35dace88f6b8f26a7efacdc2cb1bf013de79
SHA512

79ae451e4659e2a6b1927f2ce89c892df483659fccae8e6977350beebd12eb01114bf83ed528bbab283efd2e8b184292c8c823eb80bc3355233fd9b91337691a
SSDEEP

1536:3mqvQVHXWRXjWm5YO6w9E3hy3FVhtoueZIbBL:N03WJjNuw9oo3F/CueZk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27
PID 1324 wrote to memory of 1280	1324	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\17a80409273c6cb31098eb2f8dab35dace88f6b8f26a7efacdc2cb1bf013de79.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\17a80409273c6cb31098eb2f8dab35dace88f6b8f26a7efacdc2cb1bf013de79.dll
  2⤵
  PID:1280

memory/1280-56-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1324-54-0x000007FEFB781000-0x000007FEFB783000-memory.dmp

Filesize
8KB

Download