20a007954f422a6bea382940e1981c114f343829e8b5322902891fc5c8897d57

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 00:42

Target

20a007954f422a6bea382940e1981c114f343829e8b5322902891fc5c8897d57.dll
Size

47KB
MD5

8ad3935e0999d2d0c5022336a7b673b0
SHA1

36a59513d042619a2ed2219b4773b154be098816
SHA256

20a007954f422a6bea382940e1981c114f343829e8b5322902891fc5c8897d57
SHA512

e3562e941b564277feabeebb317c6d933537033270edd961c15d306fcfd8ad18cdeac7ae6b85071ec837be115e9bf8342c792e620e00952713f664ff44f642ae
SSDEEP

768:c09N1k3Du61h0ZM14yTQlRtXwp7tVL/AtzMs0yr7FdLSL7uRod7eBtzz+E4+96:caN1eFYyUjMHwZfr7Fdevyhz+E4+96

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27
PID 2016 wrote to memory of 912	2016	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\20a007954f422a6bea382940e1981c114f343829e8b5322902891fc5c8897d57.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\20a007954f422a6bea382940e1981c114f343829e8b5322902891fc5c8897d57.dll
  2⤵
  PID:912

memory/912-56-0x0000000075661000-0x0000000075663000-memory.dmp

Filesize
8KB

Download
memory/2016-54-0x000007FEFBB31000-0x000007FEFBB33000-memory.dmp

Filesize
8KB

Download