c4b281fa47e40fbcd8366c12d17f25aa3b1f39550340fbcd2b9daf996eaacc5e

Analysis

max time kernel
218s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 20:47

Target

c4b281fa47e40fbcd8366c12d17f25aa3b1f39550340fbcd2b9daf996eaacc5e.dll
Size

120KB
MD5

02dc2db3b7786e5ee77566f5bb186f60
SHA1

10c59ee86645db5ea1450cbb6f3a5072105e29c5
SHA256

c4b281fa47e40fbcd8366c12d17f25aa3b1f39550340fbcd2b9daf996eaacc5e
SHA512

524b3113e4cfdf93b0ca2c6e803d27d2ca68fa38ff7ce2f0d461842029bffa3d1827bde9e7841eea862c8cbd3ecaff0a44d3a5a59ce927f064de9dbd92b920ff
SSDEEP

1536:OlqcQf8EVmtoAap73Q+jZsisiuxnf2j1Dezyw:kw8Eyrap8YsifuxfY1iGw

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 596 wrote to memory of 1496	596	regsvr32.exe	28
PID 596 wrote to memory of 1496	596	regsvr32.exe	28
PID 596 wrote to memory of 1496	596	regsvr32.exe	28
PID 596 wrote to memory of 1496	596	regsvr32.exe	28
PID 596 wrote to memory of 1496	596	regsvr32.exe	28
PID 596 wrote to memory of 1496	596	regsvr32.exe	28
PID 596 wrote to memory of 1496	596	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c4b281fa47e40fbcd8366c12d17f25aa3b1f39550340fbcd2b9daf996eaacc5e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:596
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c4b281fa47e40fbcd8366c12d17f25aa3b1f39550340fbcd2b9daf996eaacc5e.dll
  2⤵
  PID:1496

memory/596-54-0x000007FEFB531000-0x000007FEFB533000-memory.dmp

Filesize
8KB

Download
memory/1496-56-0x0000000075151000-0x0000000075153000-memory.dmp

Filesize
8KB

Download