7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293

Analysis

max time kernel
23s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:25

Target

7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293.dll
Size

120KB
MD5

e8df36e9d79e7bfcb8b3de06591fd6f0
SHA1

bf780c34c016dc67b3bb106ece91d32ff00c041a
SHA256

7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293
SHA512

c626a232892315372153a94a3ec441ce8580cd4de4a07c992ef01b9ec73d8cdc9b78747a0d3a4e3cbe7186a8ea21d23aa5719feb9be88ce00afb281a8c6b0288
SSDEEP

1536:NJqCQ4dbouOW9uR1WN+I8Pov3daD5gJuy:l/dbFgvG+vov3dMg9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 912	836	regsvr32.exe	27
PID 836 wrote to memory of 912	836	regsvr32.exe	27
PID 836 wrote to memory of 912	836	regsvr32.exe	27
PID 836 wrote to memory of 912	836	regsvr32.exe	27
PID 836 wrote to memory of 912	836	regsvr32.exe	27
PID 836 wrote to memory of 912	836	regsvr32.exe	27
PID 836 wrote to memory of 912	836	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7be21731301a08d4a90269ca9e8e92d2258813b97e78e48c6cbbae23f3aff293.dll
  2⤵
  PID:912

memory/836-54-0x000007FEFC341000-0x000007FEFC343000-memory.dmp

Filesize
8KB

Download
memory/912-56-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download