cff53c531a54eecda1995c55e47f93183f8b81d001806a407cb71ae501155b51

Analysis

max time kernel
40s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-12-2022 17:49

Target

cff53c531a54eecda1995c55e47f93183f8b81d001806a407cb71ae501155b51.dll
Size

62KB
MD5

5837cb0c173d70f0c9c96ba3e1dd7600
SHA1

9b6f19c8f4017f1002cb9d6a15ae3f61a380d4ce
SHA256

cff53c531a54eecda1995c55e47f93183f8b81d001806a407cb71ae501155b51
SHA512

45a94416ecdff79e006d43f9337456c060396e58f70787656d0254592c2b4bb269e734cadfd44f61f5a2e55b0b21da4cce59c8dd4628587d7ee9a69c11b6467a
SSDEEP

768:o+ThI7GnWA5xz91+SG0flxKsw/U+ThI7GnWA5xz91+SG0flxKsw/:o2hT11+S/fluU2hT11+S/flu

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26
PID 1348 wrote to memory of 1380	1348	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\cff53c531a54eecda1995c55e47f93183f8b81d001806a407cb71ae501155b51.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\cff53c531a54eecda1995c55e47f93183f8b81d001806a407cb71ae501155b51.dll
  2⤵
  PID:1380

memory/1348-54-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download
memory/1380-55-0x0000000000000000-mapping.dmp

Download
memory/1380-56-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download
memory/1380-57-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download