a9e1362a7c9f65b47559f39b912944e74fdf9a785d81c82300498851bbc50627

Analysis

max time kernel
9s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 06:31

Target

a9e1362a7c9f65b47559f39b912944e74fdf9a785d81c82300498851bbc50627.dll
Size

111KB
MD5

0b0fafd19667288a482becaf2c83b0c4
SHA1

95c53657937f13d3557389c6adc788f1f1eb364f
SHA256

a9e1362a7c9f65b47559f39b912944e74fdf9a785d81c82300498851bbc50627
SHA512

8ae96dc01cf809c06cafa157db34387e1986d5ea06b7fab3efbee7c201965dc08b46f773305840fcabddd4113af3a3406f97f21cce51a8a94f2bf2a1d6405b6d
SSDEEP

1536:R5UfVZv6h9jo2rql+ERXuSclSFfL3eoxta2OMdj3KdQZ:R5UP6hKRXuS6S9L3e2ta2OMdj3KM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27
PID 1124 wrote to memory of 1932	1124	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a9e1362a7c9f65b47559f39b912944e74fdf9a785d81c82300498851bbc50627.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a9e1362a7c9f65b47559f39b912944e74fdf9a785d81c82300498851bbc50627.dll
  2⤵
  PID:1932

memory/1124-54-0x000007FEFC341000-0x000007FEFC343000-memory.dmp

Filesize
8KB

Download
memory/1932-56-0x0000000076401000-0x0000000076403000-memory.dmp

Filesize
8KB

Download