ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5

Analysis

max time kernel
57s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 22:49

Target

ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5.dll
Size

250KB
MD5

004df312db4ba4eab42fab762f24af30
SHA1

1e8feb0c93240b29e17fd299cd8dfeeb030a25e2
SHA256

ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5
SHA512

4571a19aa0d37576e3acbefb4218ab1118f8f6047b85117feec464cf68da7c74211b0bd61b9d4b9db011770bd4689cce6f29ed2c65e7203c0835dbbbe5887e42
SSDEEP

6144:77xB7B/fqFKaninqkpDUVWK71asKvwt0BLgM:77rN/GTJsvwtL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 1136	972	regsvr32.exe	28
PID 972 wrote to memory of 1136	972	regsvr32.exe	28
PID 972 wrote to memory of 1136	972	regsvr32.exe	28
PID 972 wrote to memory of 1136	972	regsvr32.exe	28
PID 972 wrote to memory of 1136	972	regsvr32.exe	28
PID 972 wrote to memory of 1136	972	regsvr32.exe	28
PID 972 wrote to memory of 1136	972	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ac8369ec50693f80feed71b41d1da3ae621d2a290405cc78ab4f47cee6f363f5.dll
  2⤵
  PID:1136

memory/972-54-0x000007FEFBFC1000-0x000007FEFBFC3000-memory.dmp

Filesize
8KB

Download
memory/1136-56-0x0000000075881000-0x0000000075883000-memory.dmp

Filesize
8KB

Download