b4e34e21883dcc98beda1d8857ed7129d98c20fd8dcfd2e248caffe2161f629b

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 08:04

Target

b4e34e21883dcc98beda1d8857ed7129d98c20fd8dcfd2e248caffe2161f629b.dll
Size

245KB
MD5

401c9582af6d40257e2d8f5d21575518
SHA1

eea547584137fd6c3e0172936473015589763acd
SHA256

b4e34e21883dcc98beda1d8857ed7129d98c20fd8dcfd2e248caffe2161f629b
SHA512

ee50c5aa0f0c9c109a30a75895818117b39dce2be987cf551b54e96a37e709dde2753775f827108ba793e6780b819144703ab772ad7ca647e40d1d77dcb780b9
SSDEEP

3072:GzSs+fHiL3bCvG52P/n/xw9esJJye5xQjPChxw/I2wpPZqiWPZqix:Gzb/CniTWeQS4ePZqiWPZqix

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27
PID 1292 wrote to memory of 2012	1292	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b4e34e21883dcc98beda1d8857ed7129d98c20fd8dcfd2e248caffe2161f629b.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b4e34e21883dcc98beda1d8857ed7129d98c20fd8dcfd2e248caffe2161f629b.dll
  2⤵
  PID:2012

memory/1292-54-0x000007FEFC211000-0x000007FEFC213000-memory.dmp

Filesize
8KB

Download
memory/2012-55-0x0000000000000000-mapping.dmp

Download
memory/2012-56-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download