b446d751b57c05a63f060c8d8972d62874f46a7954136b4e7de23edc3aaa4768

Analysis

max time kernel
28s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 08:06

Target

b446d751b57c05a63f060c8d8972d62874f46a7954136b4e7de23edc3aaa4768.dll
Size

612KB
MD5

b545658b9c07c09ce56e2c045f3c20b0
SHA1

d436eabb066e299d462982b16dcead90df35cc7d
SHA256

b446d751b57c05a63f060c8d8972d62874f46a7954136b4e7de23edc3aaa4768
SHA512

235c140746745ef60cd8df49823616785e233cccc34e3e361e7b1cd08930399a2ed3268b36c7cf3c34c1730a8aa80c9f39552caaab3f11ef9b5dc48e368e4be6
SSDEEP

12288:a62hE5ilSxV+CbgTR5hsSOYqZoqEDfXKtowfn7BZqq:FgbTRAeqEDaSNq

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28
PID 1676 wrote to memory of 1980	1676	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b446d751b57c05a63f060c8d8972d62874f46a7954136b4e7de23edc3aaa4768.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\b446d751b57c05a63f060c8d8972d62874f46a7954136b4e7de23edc3aaa4768.dll
  2⤵
  PID:1980

memory/1676-54-0x000007FEFBE41000-0x000007FEFBE43000-memory.dmp

Filesize
8KB

Download
memory/1980-55-0x0000000000000000-mapping.dmp

Download
memory/1980-56-0x00000000764D1000-0x00000000764D3000-memory.dmp

Filesize
8KB

Download