c01411febfa095aed59a768f83ef3a7f7df99602cc77765ceb8b1f9409d346d4

Analysis

max time kernel
30s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 09:29

Target

c01411febfa095aed59a768f83ef3a7f7df99602cc77765ceb8b1f9409d346d4.dll
Size

76KB
MD5

35caa6078a920815818dafee199b3c1d
SHA1

45e438a75b369832d6e136bb7c61ac1f535c7f78
SHA256

c01411febfa095aed59a768f83ef3a7f7df99602cc77765ceb8b1f9409d346d4
SHA512

5e2cf4e06263a8b56282e826cd77568c271f51418aaba90cb8ca68fcbc8b24852cb62eac912defd3d26b2fb942e1db87c5964d7e41057e303d1e7cf040ef9e68
SSDEEP

1536:U/o/OSVVTycwz5MGU+K+NijFXplgVcDo3SY:D/o1RU+gFXpSVc83S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28
PID 1848 wrote to memory of 1788	1848	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c01411febfa095aed59a768f83ef3a7f7df99602cc77765ceb8b1f9409d346d4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c01411febfa095aed59a768f83ef3a7f7df99602cc77765ceb8b1f9409d346d4.dll
  2⤵
  PID:1788

memory/1788-56-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download
memory/1848-54-0x000007FEFBE61000-0x000007FEFBE63000-memory.dmp

Filesize
8KB

Download