ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3

Analysis

max time kernel
35s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 20:47

Target

ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3.dll
Size

45KB
MD5

a70088f0dd934c758e5863c222537067
SHA1

5d89aaca2773cebcdf094ed3cdb649f00205f5e4
SHA256

ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3
SHA512

24e8460501e5f44dd4386f2450f65a0ade38a87b779c22e7f195836cfb208869a22b9301b95025edc8939a6c8ec2bb7bdd226690c1a1e301786fdb97d697cade
SSDEEP

768:nz6KN0TQVsuE0NnMX+F4LdG6NK9iiKI7hxPc2ab:nzFEQc0NnM3NKjKBXb

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17
PID 1116 wrote to memory of 1704	1116	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ee129d7f81be7e04e4e2bc37ec3a47967b7fa2413dba5005d1d342565983e4d3.dll
  2⤵
  PID:1704

memory/1116-54-0x000007FEFB9E1000-0x000007FEFB9E3000-memory.dmp

Filesize
8KB

Download
memory/1704-56-0x00000000758B1000-0x00000000758B3000-memory.dmp

Filesize
8KB

Download