c7d4637f1c7edbfd695fff7fd853ae42da79f972189c52dd8d44c5a553e6104e

Analysis

max time kernel
40s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 06:10

Target

c7d4637f1c7edbfd695fff7fd853ae42da79f972189c52dd8d44c5a553e6104e.dll
Size

52KB
MD5

c9438ade6014baa72a9ce48179717386
SHA1

6065c358803df93b4db646ac2299e4eea90b2b8a
SHA256

c7d4637f1c7edbfd695fff7fd853ae42da79f972189c52dd8d44c5a553e6104e
SHA512

5dbea1399fbd7a20445ce47a9f48d951c4050dde42c8d66f59a6073c60122c0be004b1c80039823e5779e3a6a4e4c098647f0354719953f5fae50f2f0a068d94
SSDEEP

1536:l4CkPYwM/5aTj2QIbrkLOh9ST6PYFp7my6Znouy8:l4zPYBhaTjWbr4Oh9SWPYHpQout

Score

1^/10

Modifies registry class 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\c7d4637f1c7edbfd695fff7fd853ae42da79f972189c52dd8d44c5a553e6104e.dll"	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32\ThreadingModel = "Apartment"	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}	regsvr32.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\	regsvr32.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{00000000-0000-0000-0000-000000000000}\InprocServer32	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28
PID 1308 wrote to memory of 1236	1308	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c7d4637f1c7edbfd695fff7fd853ae42da79f972189c52dd8d44c5a553e6104e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c7d4637f1c7edbfd695fff7fd853ae42da79f972189c52dd8d44c5a553e6104e.dll
  2⤵
  - Modifies registry class
  PID:1236

memory/1236-56-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1308-54-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp

Filesize
8KB

Download