cf2db205a5031312e2cfbed598a8ce329ea649c83fc3886d0e84005489d0ff95

Analysis

max time kernel
232s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:27

Target

cf2db205a5031312e2cfbed598a8ce329ea649c83fc3886d0e84005489d0ff95.dll
Size

19KB
MD5

e0a4854280c56e6dba6d124571e7063f
SHA1

14b746298c944401f6c7c4c1e002b770f9bba5b4
SHA256

cf2db205a5031312e2cfbed598a8ce329ea649c83fc3886d0e84005489d0ff95
SHA512

39cd874d84bcfc3ff29145f0d685727c151166263ec1b57d4d794426c2e47d551cac3bca0f0b6d22330f505d1e14bb7983500a012dcfac6bef896d3880137ea9
SSDEEP

384:tWWTEcWS8XgSiz3+g7wwfT/I+PtCZeCwLg2zGNnQoW7TFyyQw7TeLs8OzTMP:ioYgfz3f/r/BCwU2zGNnu/UDE8OEP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 564	516	regsvr32.exe	28
PID 516 wrote to memory of 564	516	regsvr32.exe	28
PID 516 wrote to memory of 564	516	regsvr32.exe	28
PID 516 wrote to memory of 564	516	regsvr32.exe	28
PID 516 wrote to memory of 564	516	regsvr32.exe	28
PID 516 wrote to memory of 564	516	regsvr32.exe	28
PID 516 wrote to memory of 564	516	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cf2db205a5031312e2cfbed598a8ce329ea649c83fc3886d0e84005489d0ff95.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:516
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cf2db205a5031312e2cfbed598a8ce329ea649c83fc3886d0e84005489d0ff95.dll
  2⤵
  PID:564

memory/516-54-0x000007FEFBB31000-0x000007FEFBB33000-memory.dmp

Filesize
8KB

Download
memory/564-56-0x0000000075551000-0x0000000075553000-memory.dmp

Filesize
8KB

Download