9b0f8e358f52586aa68ab460a5ecfbe74121de44dc3383dfafaa2e9f85c9b3b2

Analysis

max time kernel
51s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 08:58

Target

9b0f8e358f52586aa68ab460a5ecfbe74121de44dc3383dfafaa2e9f85c9b3b2.dll
Size

309KB
MD5

df6a724878531ee5cf5ddafa9341afdb
SHA1

bc531d99b3ba4e75c3c55e57440670e19d16ec50
SHA256

9b0f8e358f52586aa68ab460a5ecfbe74121de44dc3383dfafaa2e9f85c9b3b2
SHA512

bb979c090cb8f6ce3894b534b4e0412266d6e07f339fa281e3185a32d7094eae5bba71e3d79c1cc0b1e705f66072933b4fa5ed9cd0b639a0866072d503b3eaa1
SSDEEP

6144:cr7nUrnjqYWfchdXktjgqdKfjRVgYXa7Kb0y:+fchdk9sLR7a7Kb0y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28
PID 2044 wrote to memory of 840	2044	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9b0f8e358f52586aa68ab460a5ecfbe74121de44dc3383dfafaa2e9f85c9b3b2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9b0f8e358f52586aa68ab460a5ecfbe74121de44dc3383dfafaa2e9f85c9b3b2.dll
  2⤵
  PID:840

memory/840-56-0x0000000076DC1000-0x0000000076DC3000-memory.dmp

Filesize
8KB

Download
memory/2044-54-0x000007FEFC481000-0x000007FEFC483000-memory.dmp

Filesize
8KB

Download