2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 07:11

Target

2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db.dll
Size

2.4MB
MD5

5bf229417b5d9a3f2be826b111c927ac
SHA1

efe107a755d13ebe2226b9855f6930ece7f61272
SHA256

2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db
SHA512

3bbe9de80b390b380f35161b1dce3b12e7a33fc00f437ec2a55f5f0ea31eb18272e4d835b6758c3c5fa8390fafacb6b80e3944c14fdee0d65817e11924ac1058
SSDEEP

768:YtKXjIMtcRrtmgtQmpkrEEW39rpHz/hfFxDp:YtwjxtcxPr5EWFpHz/PH

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 288 wrote to memory of 876	288	regsvr32.exe	28
PID 288 wrote to memory of 876	288	regsvr32.exe	28
PID 288 wrote to memory of 876	288	regsvr32.exe	28
PID 288 wrote to memory of 876	288	regsvr32.exe	28
PID 288 wrote to memory of 876	288	regsvr32.exe	28
PID 288 wrote to memory of 876	288	regsvr32.exe	28
PID 288 wrote to memory of 876	288	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:288
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2544e8840df200025c42c2905c24684bed4d8c8793a14affbd35789e9e1ff7db.dll
  2⤵
  PID:876

memory/288-54-0x000007FEFBC61000-0x000007FEFBC63000-memory.dmp

Filesize
8KB

Download
memory/876-56-0x0000000075B11000-0x0000000075B13000-memory.dmp

Filesize
8KB

Download