3b72b656a6f3c99a31fb2d6ff3e087a2884f77235ad96c0f2a484f9f3e761dde

Analysis

max time kernel
34s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
05-12-2022 15:02

Target

3b72b656a6f3c99a31fb2d6ff3e087a2884f77235ad96c0f2a484f9f3e761dde.dll
Size

242KB
MD5

72ed52c4a80b0423c53c1450412f1244
SHA1

f0d719f328b7691981005cac5a762c895bf32a39
SHA256

3b72b656a6f3c99a31fb2d6ff3e087a2884f77235ad96c0f2a484f9f3e761dde
SHA512

5efa04b0061a3dc162ace7ebdb0234bbded0977934cc7134f011ffc2da250153d0a09255b573e093d9b81ab05c234d7a194fa21aec5a7466a55e524e3e1b4956
SSDEEP

6144:MN2EkHSib6SWheBLdeHU47VBDoDVBDoDVBoN:NHSie6Bo047VBDoDVBDoDVBoN

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27
PID 1672 wrote to memory of 1580	1672	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3b72b656a6f3c99a31fb2d6ff3e087a2884f77235ad96c0f2a484f9f3e761dde.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1672
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3b72b656a6f3c99a31fb2d6ff3e087a2884f77235ad96c0f2a484f9f3e761dde.dll
  2⤵
  PID:1580

memory/1580-56-0x0000000075BD1000-0x0000000075BD3000-memory.dmp

Filesize
8KB

Download
memory/1672-54-0x000007FEFBC01000-0x000007FEFBC03000-memory.dmp

Filesize
8KB

Download