ba616bf255a437e37e05b66197d3bb7aa4c15cc8db8d236cf34d3b9567a13875

Analysis

max time kernel
58s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 01:06

Target

ba616bf255a437e37e05b66197d3bb7aa4c15cc8db8d236cf34d3b9567a13875.dll
Size

289KB
MD5

013dcd88c268545321a41ee2fa0ec980
SHA1

da6a6cda3d9109e80851eeeb15b8d28d0b99bdb2
SHA256

ba616bf255a437e37e05b66197d3bb7aa4c15cc8db8d236cf34d3b9567a13875
SHA512

bad7668decbce74cf03641f8c0dcb02c339d08d2751329594f107361d92e9efb2056f576fddbb60ceea1e082ec50da9f7efdded04b355c5daa43ce2ed6f49f5d
SSDEEP

6144:2SvjMkymDEeEzdHiq+gYQAt3ET8esg2Q:3v4deqBiquEH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28
PID 1292 wrote to memory of 2036	1292	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ba616bf255a437e37e05b66197d3bb7aa4c15cc8db8d236cf34d3b9567a13875.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ba616bf255a437e37e05b66197d3bb7aa4c15cc8db8d236cf34d3b9567a13875.dll
  2⤵
  PID:2036

memory/1292-54-0x000007FEFBF31000-0x000007FEFBF33000-memory.dmp

Filesize
8KB

Download
memory/2036-55-0x0000000000000000-mapping.dmp

Download
memory/2036-56-0x0000000075531000-0x0000000075533000-memory.dmp

Filesize
8KB

Download
memory/2036-57-0x00000000001A0000-0x00000000001AF000-memory.dmp

Filesize
60KB

Download