90bae90c40ef2236213aa98bfa9828d16b233457f6621442ac231787545e1d35

Analysis

max time kernel
31s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:24

Target

90bae90c40ef2236213aa98bfa9828d16b233457f6621442ac231787545e1d35.dll
Size

26KB
MD5

0d77f55c9e7225049ae503f705782eb0
SHA1

e27f8ed59cbd3c5e375ae375a29f6a7b11f5be54
SHA256

90bae90c40ef2236213aa98bfa9828d16b233457f6621442ac231787545e1d35
SHA512

eec44443151630098da838d9949972e04991d48443d9f6189639d526965b322bf1a745de64d87a9ea5db8c21f9c3e3c51eacd6cbb2d81088f233f13890f9caf3
SSDEEP

384:fhJO5J/vuyQonKI6GiMPcvqExFK4c/XK/3eXOlFsCuroV/DF5AePW4E0WcGzF:EvuyQdxMkFK4ci/uXOlt2equsF

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27
PID 1988 wrote to memory of 1756	1988	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\90bae90c40ef2236213aa98bfa9828d16b233457f6621442ac231787545e1d35.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\90bae90c40ef2236213aa98bfa9828d16b233457f6621442ac231787545e1d35.dll
  2⤵
  PID:1756

memory/1756-55-0x0000000000000000-mapping.dmp

Download
memory/1756-56-0x0000000076171000-0x0000000076173000-memory.dmp

Filesize
8KB

Download
memory/1988-54-0x000007FEFC281000-0x000007FEFC283000-memory.dmp

Filesize
8KB

Download