059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109

Analysis

max time kernel
2s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 04:42

Target

059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109.dll
Size

128KB
MD5

cd95d4f16d8b55c440b4887b38c5a020
SHA1

ad863ff9a594835ce92f70244b41e782659a0823
SHA256

059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109
SHA512

32834e411e749ae8afbbf8078b95c3eebdbd4f27ed19f7661d18241ecce4f5fdd61b6913dccbcd07f1ed547544ebbad2cbb3c6f1e1977d807c61f20f1be872c0
SSDEEP

1536:0JqYQw0QByS5A8i2li95fpFg7ezKMTlCkPm36:WBbYS5A/2ik4lC5q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 604 wrote to memory of 1184	604	regsvr32.exe	28
PID 604 wrote to memory of 1184	604	regsvr32.exe	28
PID 604 wrote to memory of 1184	604	regsvr32.exe	28
PID 604 wrote to memory of 1184	604	regsvr32.exe	28
PID 604 wrote to memory of 1184	604	regsvr32.exe	28
PID 604 wrote to memory of 1184	604	regsvr32.exe	28
PID 604 wrote to memory of 1184	604	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:604
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\059173b1fa60130e2a4bf2f81206602fc05791f33c824107aad6c83a40757109.dll
  2⤵
  PID:1184

memory/604-54-0x000007FEFBB11000-0x000007FEFBB13000-memory.dmp

Filesize
8KB

Download
memory/1184-56-0x0000000074FD1000-0x0000000074FD3000-memory.dmp

Filesize
8KB

Download