7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a

Analysis

max time kernel
25s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 09:28

Target

7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a.dll
Size

265KB
MD5

9402d05cd02d86b7a3d14ddaf253e010
SHA1

b4a3cf550c862047be06788784acc9eaec827721
SHA256

7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a
SHA512

fd45ad5f6460721e18cd911bf1bff181a8c53c6ae6afc6336692799a9fcf6dc624485b77cdfa8496146696472844336b337acf5d524c63c6479772a3878fa3a6
SSDEEP

6144:PG/gY4ozBsyTDp6rd14JSLU4JSLU4JSLx:PCdLt6rd14JSLU4JSLU4JSLx

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27
PID 2032 wrote to memory of 1612	2032	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7cc591fbe4e4bec6cf5836ea36fbd7e2a61578a2e91e1504b4f3645d11c59c6a.dll
  2⤵
  PID:1612

memory/1612-56-0x0000000075201000-0x0000000075203000-memory.dmp

Filesize
8KB

Download
memory/2032-54-0x000007FEFBDB1000-0x000007FEFBDB3000-memory.dmp

Filesize
8KB

Download