f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92

Analysis

max time kernel
3s
max time network
33s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 11:35

Target

f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92.dll
Size

135KB
MD5

c24395f5e785c6e73d36cb0359b8ac4c
SHA1

b34563443bd8bc6de67059b80f54b16833f41086
SHA256

f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92
SHA512

893ac1eef43e2a17d96e105ad3a4ec630bacda85060ef79f4e6430c778c607f5a0ece9c988bd6703fbd5ac8d51eed24b76604d1f7c3ae500b32b0cc649af08b1
SSDEEP

3072:GkxW8s67j9VdZdbDgG8bfSyRxZ7npAN1prwUWVpdc8yD7n7xHSVF:b9RVvKfrmNMrV8TZSz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28
PID 1332 wrote to memory of 868	1332	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f3815869dfc95ac775eb0a6da23ca791345e59dc25763bbc31e3aece3177cb92.dll
  2⤵
  PID:868

memory/868-55-0x0000000000000000-mapping.dmp

Download
memory/868-56-0x0000000075351000-0x0000000075353000-memory.dmp

Filesize
8KB

Download
memory/1332-54-0x000007FEFBD11000-0x000007FEFBD13000-memory.dmp

Filesize
8KB

Download