ae156747870abb27aa529d42b5167825484ebde59aceb324c28a14055c2559fc

Analysis

max time kernel
56s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 12:03

Target

ae156747870abb27aa529d42b5167825484ebde59aceb324c28a14055c2559fc.dll
Size

224KB
MD5

f54ecebe7246a063dc3a551f471daa08
SHA1

5be9d46aa9d7e98917bc5caf10d8980b88f8b19a
SHA256

ae156747870abb27aa529d42b5167825484ebde59aceb324c28a14055c2559fc
SHA512

66b46c04fc55dac82e35af21de6fefa6d16f769b15a73e4ad9f590e512773cede8320b7475789c7ec4372b2f9f6b24e3756951129723585125f65d0bc2cec14a
SSDEEP

6144:IimsGrPLyNISpmX7m1cYFkyztWlwDPtIQ2Y:6bLyNarm/iedDFIH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28
PID 1188 wrote to memory of 1408	1188	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ae156747870abb27aa529d42b5167825484ebde59aceb324c28a14055c2559fc.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ae156747870abb27aa529d42b5167825484ebde59aceb324c28a14055c2559fc.dll
  2⤵
  PID:1408

memory/1188-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

Filesize
8KB

Download
memory/1408-56-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download