f6778f0b9b0c6efc9a26ed2ebfbe45966c73bf1b1ad261245aeab3926b11c3b5

Analysis

max time kernel
41s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 11:06

Target

f6778f0b9b0c6efc9a26ed2ebfbe45966c73bf1b1ad261245aeab3926b11c3b5.dll
Size

588KB
MD5

735223dda1481f01c7e06ad4d33c0689
SHA1

14a3d4d345bf2088366bb152f57b889069e9ff5e
SHA256

f6778f0b9b0c6efc9a26ed2ebfbe45966c73bf1b1ad261245aeab3926b11c3b5
SHA512

849d328e1ecce941fddb592d75c8856f1707e7b3ebf22e961a69ba035e028ac8b007833a4fba973a4a97de651a1c229f18291aec16e4fb1e73a596a0bd4cd9fd
SSDEEP

768:G58e3sBYY2uXZ9hAVaAeStKIZ+2fJcwqVETAz4HMBbsjjRGPZMoDhV:FeY2IGe7IZ+nVETAzFs1foDP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28
PID 1404 wrote to memory of 788	1404	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f6778f0b9b0c6efc9a26ed2ebfbe45966c73bf1b1ad261245aeab3926b11c3b5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f6778f0b9b0c6efc9a26ed2ebfbe45966c73bf1b1ad261245aeab3926b11c3b5.dll
  2⤵
  PID:788

memory/788-56-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/1404-54-0x000007FEFB8A1000-0x000007FEFB8A3000-memory.dmp

Filesize
8KB

Download