b64931b6db61a46ba71ce18a08d1e273ebdd25b3c7b91d4b4d402125be6c553f

Analysis

max time kernel
38s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 08:08

Target

b64931b6db61a46ba71ce18a08d1e273ebdd25b3c7b91d4b4d402125be6c553f.dll
Size

920KB
MD5

2457ce88e28814e23370a7836090179c
SHA1

7fdaa16e1126eb8f8e199fd7f4695b097559eb1f
SHA256

b64931b6db61a46ba71ce18a08d1e273ebdd25b3c7b91d4b4d402125be6c553f
SHA512

c7b53aac37f267f84dbed1a0801b758ada81f115784861b1a47be774e76feb40334a10a3151634454d02c18f8e9876b4ecaef035316f4940cbe484ef4ebca9c7
SSDEEP

12288:WjIIRr2UBdYCxcfsCYu1JKE6LHce+G31T3T4oH9A855X:WDRrdBjWADce+G31T3T1HZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26
PID 1612 wrote to memory of 1620	1612	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b64931b6db61a46ba71ce18a08d1e273ebdd25b3c7b91d4b4d402125be6c553f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b64931b6db61a46ba71ce18a08d1e273ebdd25b3c7b91d4b4d402125be6c553f.dll
  2⤵
  PID:1620

memory/1612-54-0x000007FEFBD91000-0x000007FEFBD93000-memory.dmp

Filesize
8KB

Download
memory/1620-56-0x0000000076681000-0x0000000076683000-memory.dmp

Filesize
8KB

Download