9141c4a42574e5f9d3387ed94851fadff0748ab6cb0b6547a9d4d928cab6d76d

Analysis

max time kernel
39s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 01:30

Target

9141c4a42574e5f9d3387ed94851fadff0748ab6cb0b6547a9d4d928cab6d76d.dll
Size

160KB
MD5

26cf5592e40dfb74eaf10972ea409ad7
SHA1

58a9be92670dd6bbb264ed5716c07a8cb59a95dc
SHA256

9141c4a42574e5f9d3387ed94851fadff0748ab6cb0b6547a9d4d928cab6d76d
SHA512

5dbc36e893b270f6c398c5155ade4bb77fb3eb1f80467489e9ebe1f2434336f6db74c72be5baefc2f23e1ff8b2cf3661e74d3d29a4dcbdc0bd3300fb1977e7d9
SSDEEP

1536:tKebOzC3iT17JWA0lgSYzKRJ0eTA9NWERQS2IHg9g8+ICS4A2wGU5odXfgLatTR8:wW4Z1FW3qO0h5RWg8FYwGU5odbtTR

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27
PID 1516 wrote to memory of 2028	1516	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9141c4a42574e5f9d3387ed94851fadff0748ab6cb0b6547a9d4d928cab6d76d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9141c4a42574e5f9d3387ed94851fadff0748ab6cb0b6547a9d4d928cab6d76d.dll
  2⤵
  PID:2028

memory/1516-54-0x000007FEFB7E1000-0x000007FEFB7E3000-memory.dmp

Filesize
8KB

Download
memory/2028-56-0x0000000075841000-0x0000000075843000-memory.dmp

Filesize
8KB

Download