a6d7ebd07f9cef8902e7eea1d6aa9a483df2252bb2505c962b8aee802b2a6335

Analysis

max time kernel
46s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 15:58

Target

a6d7ebd07f9cef8902e7eea1d6aa9a483df2252bb2505c962b8aee802b2a6335.dll
Size

588KB
MD5

8c0b32ec44a8c6a0d33c355047d40f73
SHA1

a5348ff508dd787b7cce131fcab4d996370a54d9
SHA256

a6d7ebd07f9cef8902e7eea1d6aa9a483df2252bb2505c962b8aee802b2a6335
SHA512

bd43316c7bb71385eeb8474c11f6fa1fee35c316880919352456e4958ca570172cea439252a7b5e4b809888598f0945367a81156799ef5d9f3f54544f7a6b509
SSDEEP

768:i58e3sWYY2uXZ9hAVaAeStKIZ+2fJcwqVETAz4HMBbsjjRGPZMobhV:55Y2IGe7IZ+nVETAzFs1fobP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27
PID 1880 wrote to memory of 1948	1880	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a6d7ebd07f9cef8902e7eea1d6aa9a483df2252bb2505c962b8aee802b2a6335.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a6d7ebd07f9cef8902e7eea1d6aa9a483df2252bb2505c962b8aee802b2a6335.dll
  2⤵
  PID:1948

memory/1880-54-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download
memory/1948-56-0x0000000075D71000-0x0000000075D73000-memory.dmp

Filesize
8KB

Download