c541a93c1341b72c4c95e3dfc29ea6e56326d477c07aebf54a5d3ef7f9235428

Analysis

max time kernel
34s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 13:34

Target

c541a93c1341b72c4c95e3dfc29ea6e56326d477c07aebf54a5d3ef7f9235428.dll
Size

88KB
MD5

eb1895aee41589ed6e14775dc4b9fc54
SHA1

18b120e8d57b58b0463479f6dedbbb7e5933f7bc
SHA256

c541a93c1341b72c4c95e3dfc29ea6e56326d477c07aebf54a5d3ef7f9235428
SHA512

18c9405434b8cf940435166519af2a37461b7564e8ac5894f51ba70a959d40a709e88e95b5469565bc416898e725f4d8aafd0f491cf7a3752834634a76d9e486
SSDEEP

1536:oowcyP7K1xxDub0g+ynOkabgEnfKC1wzF9SICS4AnDD9J1KUbjsLa9/6TPR39PH:ooJyPExDubjnMbgEnfL+xptJ1KUnPJ6X

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 780 wrote to memory of 1920	780	regsvr32.exe	27
PID 780 wrote to memory of 1920	780	regsvr32.exe	27
PID 780 wrote to memory of 1920	780	regsvr32.exe	27
PID 780 wrote to memory of 1920	780	regsvr32.exe	27
PID 780 wrote to memory of 1920	780	regsvr32.exe	27
PID 780 wrote to memory of 1920	780	regsvr32.exe	27
PID 780 wrote to memory of 1920	780	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c541a93c1341b72c4c95e3dfc29ea6e56326d477c07aebf54a5d3ef7f9235428.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:780
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c541a93c1341b72c4c95e3dfc29ea6e56326d477c07aebf54a5d3ef7f9235428.dll
  2⤵
  PID:1920

memory/780-54-0x000007FEFBD81000-0x000007FEFBD83000-memory.dmp

Filesize
8KB

Download
memory/1920-56-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download