ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 04:05

Target

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44.dll
Size

196KB
MD5

34d575d6fc05c78c65ee332777d19a80
SHA1

d044c36e0ddf8e50b6925bba7445707c7efe9f65
SHA256

ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44
SHA512

0abfb8a1531ed7055e9750d9682b519814de192866990c3ef907180c7c26ad53ea692b627052efe88be5514fe91748364044e9913a9a2955e64bd71238cd4bfd
SSDEEP

3072:QyE5rzmralbxX9bhWYa+7bN7S453slTBfCA75z2hVMwai8K6sG:BavRkYa2bN7S4SlTBqA75zqywUK9G

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26
PID 1488 wrote to memory of 1056	1488	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ef412e72ab0c425fd72e74fe98f5715bb30cec09371665f3afd72b85a78ecf44.dll
  2⤵
  PID:1056

memory/1056-56-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download
memory/1488-54-0x000007FEFC431000-0x000007FEFC433000-memory.dmp

Filesize
8KB

Download