cd4a4f29eb2def36de255c936ed732d4f0ec76763640e82e60e41430b729b99c

Analysis

max time kernel
13s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 05:33

Target

cd4a4f29eb2def36de255c936ed732d4f0ec76763640e82e60e41430b729b99c.dll
Size

451KB
MD5

0f81c96c71507d1e86e6482098226fae
SHA1

44d06679af6312bf81134ead120d0d3b71e5cbce
SHA256

cd4a4f29eb2def36de255c936ed732d4f0ec76763640e82e60e41430b729b99c
SHA512

e846147e91a3d7358222528affaaebc0c3c0b102a8b4ab5aa081025c3362fc57c059bcaaa854190927b15d6313dbd3137549ff302bbf39a5dfb954a59a9ea7e2
SSDEEP

6144:k30To6P/ER5hB116eZ/VA9YvcYCCu9jWtJLDTDtZk8mgMCCP0McqICfMpnT+1zV8:A0To6nER5b6RCjtJvXEKqICEpnmVIzV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27
PID 1588 wrote to memory of 1728	1588	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cd4a4f29eb2def36de255c936ed732d4f0ec76763640e82e60e41430b729b99c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1588
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cd4a4f29eb2def36de255c936ed732d4f0ec76763640e82e60e41430b729b99c.dll
  2⤵
  PID:1728

memory/1588-54-0x000007FEFC511000-0x000007FEFC513000-memory.dmp

Filesize
8KB

Download
memory/1728-56-0x0000000075CF1000-0x0000000075CF3000-memory.dmp

Filesize
8KB

Download