92f5f9e6c0a0e7de80c5b56bc36eac170cc2c94e8998325ce84cb8cb14dbfa09

Analysis

max time kernel
42s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
05/12/2022, 18:58

Target

92f5f9e6c0a0e7de80c5b56bc36eac170cc2c94e8998325ce84cb8cb14dbfa09.dll
Size

99KB
MD5

9b6ef3e12d566ce8310362a78f6f7194
SHA1

d7169056b3394ecde94bcc10b8733aa2b531bb4d
SHA256

92f5f9e6c0a0e7de80c5b56bc36eac170cc2c94e8998325ce84cb8cb14dbfa09
SHA512

9ef1c38acbccad7bf062f987ad8f8fadb3762153352931566d00d5e424eedf0f79df2646d857ebde7f3338099c339bd1ee5e631bdc0b62acfa3e67923d3c51b7
SSDEEP

1536:Ebof0dxbkrgl8iQ5nkfep0uXs+UlGVIeckX0fLFOth/2h6gJzP:Ebvd1krgeVRHIeDXmLFOth/2h6gJz

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 856	620	regsvr32.exe	27
PID 620 wrote to memory of 856	620	regsvr32.exe	27
PID 620 wrote to memory of 856	620	regsvr32.exe	27
PID 620 wrote to memory of 856	620	regsvr32.exe	27
PID 620 wrote to memory of 856	620	regsvr32.exe	27
PID 620 wrote to memory of 856	620	regsvr32.exe	27
PID 620 wrote to memory of 856	620	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\92f5f9e6c0a0e7de80c5b56bc36eac170cc2c94e8998325ce84cb8cb14dbfa09.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\92f5f9e6c0a0e7de80c5b56bc36eac170cc2c94e8998325ce84cb8cb14dbfa09.dll
  2⤵
  PID:856

memory/620-54-0x000007FEFC331000-0x000007FEFC333000-memory.dmp

Filesize
8KB

Download
memory/856-56-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download