979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799

Analysis

max time kernel
29s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 16:52

Target

979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799.dll
Size

128KB
MD5

626e8922f4b8169f020c29a42e34a12f
SHA1

4a92b18cf89c948ec4c5935f4b250e410f9fed48
SHA256

979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799
SHA512

018cd1310bf1d8dec72519de6a0c91bf5de7b6b1177e8b6e4cb308c8da16ef35bb14a717bb9af9a17477653fa047e063ef7ba3433e55ac63e51cd52ff89dd43d
SSDEEP

1536:wUgJ+b7g2rWyvmULwsQqdnITBNQIZnCLzsVA6:w+rWyv7wc8iItCLzsVH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1740	904	regsvr32.exe	28
PID 904 wrote to memory of 1740	904	regsvr32.exe	28
PID 904 wrote to memory of 1740	904	regsvr32.exe	28
PID 904 wrote to memory of 1740	904	regsvr32.exe	28
PID 904 wrote to memory of 1740	904	regsvr32.exe	28
PID 904 wrote to memory of 1740	904	regsvr32.exe	28
PID 904 wrote to memory of 1740	904	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\979d33540aefcdd3d886f0139b4065494e9ba68f7e08c7c58fe1193a7aa8d799.dll
  2⤵
  PID:1740

memory/904-54-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

Filesize
8KB

Download
memory/1740-56-0x0000000075281000-0x0000000075283000-memory.dmp

Filesize
8KB

Download