6b1ded9330dc27bf93993cfe03cf10cb20a5176c409dd2ffd27f0fbec83eefa1

Analysis

max time kernel
42s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 12:13

Target

6b1ded9330dc27bf93993cfe03cf10cb20a5176c409dd2ffd27f0fbec83eefa1.dll
Size

91KB
MD5

ce43d9d92697eea8e268ec74dc0cd24a
SHA1

7c6e6892e76c5c7d344d10be676a9e8f78989131
SHA256

6b1ded9330dc27bf93993cfe03cf10cb20a5176c409dd2ffd27f0fbec83eefa1
SHA512

4ce15d3de57da4bbd2c6a5ab1efe5e4af9cc90c9b7a0b5105b69c6b024a9d54f7710d44d8f00ba0332e35b779f600755a9958a67e5f4f8301dcb7b34be33359d
SSDEEP

1536:nq1mOkO1e0TAtfm5lm19/DouhJT9Nu5dYiI9W4ROjfwwNiCj2:pO/ej45E9kI3u5YfQ7HNTj

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27
PID 1760 wrote to memory of 1332	1760	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6b1ded9330dc27bf93993cfe03cf10cb20a5176c409dd2ffd27f0fbec83eefa1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1760
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\6b1ded9330dc27bf93993cfe03cf10cb20a5176c409dd2ffd27f0fbec83eefa1.dll
  2⤵
  PID:1332

memory/1332-56-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1332-57-0x0000000000150000-0x000000000015F000-memory.dmp

Filesize
60KB

Download
memory/1332-58-0x0000000000160000-0x000000000016F000-memory.dmp

Filesize
60KB

Download
memory/1760-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download