e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00

Analysis

max time kernel
42s
max time network
112s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 03:38

Target

e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00.dll
Size

39KB
MD5

04fd50fd6ce950e21b9642a4d1d8eb68
SHA1

1eaf88908ac0daf8fdec336cb74aec9a4d35034a
SHA256

e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00
SHA512

319d5f3fcf1cfbb942e4dbf325362444d07791b4fe26ce8f5bfaeffd215cbedf3682b1d6d60863761742c3fe88350fd370d7154b6b7065243af72106021d294c
SSDEEP

384:HB+zaELyiVy8h19dMPFJgwEqIHPh9OTmY+H9ybdH01EPlrTfjM7cf+we4F+EqRdx:K88h1zM3gwErYU2lrTQ7iY358MK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26
PID 1184 wrote to memory of 1172	1184	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e0725f4abeed3750685a464edc490444a08a2613a0ff10a9eebda40d64939e00.dll
  2⤵
  PID:1172

memory/1172-56-0x0000000074BB1000-0x0000000074BB3000-memory.dmp

Filesize
8KB

Download
memory/1172-57-0x0000000000130000-0x0000000000140000-memory.dmp

Filesize
64KB

Download
memory/1184-54-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp

Filesize
8KB

Download