dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2

Analysis

max time kernel
56s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 13:35

Target

dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2.dll
Size

83KB
MD5

371133d1f97bc4d3d8e414657a9355a0
SHA1

b0a82401645781e5fe14748d1f356d7720f137a8
SHA256

dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2
SHA512

88cad410aaa4d509aabb78ab9ba2ea3347da9cb911a68d27a207e6216ca1f261e71db28fc214a9fc2d4470816a1302558e5ef7f55d8f7eb9532aa6027209e02f
SSDEEP

1536:zIjsab9WEkUEAzs11+/nnJZL7aWsuN4kQfWNtMNwTs:Uj99WXmsbUnnL7Sy4kwWTts

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28
PID 1772 wrote to memory of 1156	1772	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\dd95480742a651e32b9cdd4da5e85d5b728512330cd6d5dab564b59d03cd3bc2.dll
  2⤵
  PID:1156

memory/1156-56-0x00000000766F1000-0x00000000766F3000-memory.dmp

Filesize
8KB

Download
memory/1156-57-0x000000005EDD0000-0x000000005EDE8000-memory.dmp

Filesize
96KB

Download
memory/1156-58-0x000000005EDD1000-0x000000005EDE1000-memory.dmp

Filesize
64KB

Download
memory/1772-54-0x000007FEFC4E1000-0x000007FEFC4E3000-memory.dmp

Filesize
8KB

Download