f3142211ca66d82461ac60bd9b1e753846ce033db7ee5a09f9f013740c8289d4

Analysis

max time kernel
4s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 11:39

Target

f3142211ca66d82461ac60bd9b1e753846ce033db7ee5a09f9f013740c8289d4.dll
Size

52KB
MD5

eb14c8c2e2ef8afa73b531a74c4481c0
SHA1

078e475525b0b6813c5bbbd28969280a22575b2d
SHA256

f3142211ca66d82461ac60bd9b1e753846ce033db7ee5a09f9f013740c8289d4
SHA512

50dc81c686b79fa8b3642d7e9fa43661051abcaf1565914ebf357d4463340db063be645915285083c3ca2ac03e65f10fb039eff7584f67fcb785f184a349f618
SSDEEP

768:5WloRxfg9SQAK1mPjLnlq/GkZCE6T2xHlmyWj+87YpP7TZ+bpNgy:Q8Rg96+6lm7NTFqNkvApNg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28
PID 1628 wrote to memory of 1188	1628	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f3142211ca66d82461ac60bd9b1e753846ce033db7ee5a09f9f013740c8289d4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f3142211ca66d82461ac60bd9b1e753846ce033db7ee5a09f9f013740c8289d4.dll
  2⤵
  PID:1188

memory/1188-55-0x0000000000000000-mapping.dmp

Download
memory/1188-56-0x0000000075BE1000-0x0000000075BE3000-memory.dmp

Filesize
8KB

Download
memory/1628-54-0x000007FEFBD41000-0x000007FEFBD43000-memory.dmp

Filesize
8KB

Download