af5aec3f875f46331f6d3d23a3f3483cdce2978cc5390f01480eec4411387506

Analysis

max time kernel
55s
max time network
35s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 12:03

Target

af5aec3f875f46331f6d3d23a3f3483cdce2978cc5390f01480eec4411387506.dll
Size

273KB
MD5

7b614043b53a7eeca6b808ea29b238ac
SHA1

2c5eff86e0f05f026a675c092d1f98908347dcdd
SHA256

af5aec3f875f46331f6d3d23a3f3483cdce2978cc5390f01480eec4411387506
SHA512

5587ddc56ff275975a70c6013251f3b65b62283242637eb3ec1461f50d80bbeaa4736adcbb07351c69fbc768799487a64d5690d1c2dd81eb0d7f216f8380a5f2
SSDEEP

6144:xfo5rJAq8n8yIqESGEra2Q1Rdr+p5SbXV1xvL2XaoOM:6J+qYIlSIV1R4zIfigM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27
PID 1304 wrote to memory of 544	1304	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\af5aec3f875f46331f6d3d23a3f3483cdce2978cc5390f01480eec4411387506.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1304
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\af5aec3f875f46331f6d3d23a3f3483cdce2978cc5390f01480eec4411387506.dll
  2⤵
  PID:544

memory/544-56-0x00000000759C1000-0x00000000759C3000-memory.dmp

Filesize
8KB

Download
memory/1304-54-0x000007FEFBA21000-0x000007FEFBA23000-memory.dmp

Filesize
8KB

Download