db483f2af5ecde76079b41ceb8683f5cbce391f0e1f88e482b6e047ef55f3c57

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 05:42

Target

db483f2af5ecde76079b41ceb8683f5cbce391f0e1f88e482b6e047ef55f3c57.dll
Size

27KB
MD5

c1b08a6456bc1d4a9e979a5050f504ee
SHA1

a9b645b123159a707b76f0afe8dca33650867690
SHA256

db483f2af5ecde76079b41ceb8683f5cbce391f0e1f88e482b6e047ef55f3c57
SHA512

6af1e6a66b3c9c8a148d9c6005d6492683051b4e3fbc726d7f16783665fab8281b2cf1cd3077fed6f91b46af0bae064bf617b86d6247ef5c97d4a35add923366
SSDEEP

768:t5CKBqdSHQefh9f8eIRWL0yydGr9mhaEORI:tgqqYHQgURR20ye8ShORI

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28
PID 536 wrote to memory of 748	536	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\db483f2af5ecde76079b41ceb8683f5cbce391f0e1f88e482b6e047ef55f3c57.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\db483f2af5ecde76079b41ceb8683f5cbce391f0e1f88e482b6e047ef55f3c57.dll
  2⤵
  PID:748

memory/536-54-0x000007FEFBC61000-0x000007FEFBC63000-memory.dmp

Filesize
8KB

Download
memory/748-56-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download