d80f2b24698772320ba3b06cb1b0ad3d1f168b7f04d360fe54cd18b8782adca9

Analysis

max time kernel
45s
max time network
53s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07-12-2022 02:13

Target

d80f2b24698772320ba3b06cb1b0ad3d1f168b7f04d360fe54cd18b8782adca9.dll
Size

61KB
MD5

6eb9a2e2b287c8404d212e194dfca777
SHA1

0b66a799ace678b9e8e23e49931c8cb1d2ead82c
SHA256

d80f2b24698772320ba3b06cb1b0ad3d1f168b7f04d360fe54cd18b8782adca9
SHA512

77e2e0cf90f33b98b6cdf36f44b45ad28fa583d5d409e400286ad2cfd65d9edcb27d58c978d6ca0546c7ee1fe9b042624ae5536d191fbbde6b4283c02b46b749
SSDEEP

1536:3StzfpV5WC89+JC4BdMlJhsRbGEQ/mAH3902f:3ijMyC4BVInmAH3Pf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26
PID 1552 wrote to memory of 1216	1552	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\d80f2b24698772320ba3b06cb1b0ad3d1f168b7f04d360fe54cd18b8782adca9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\d80f2b24698772320ba3b06cb1b0ad3d1f168b7f04d360fe54cd18b8782adca9.dll
  2⤵
  PID:1216

memory/1216-56-0x0000000075681000-0x0000000075683000-memory.dmp

Filesize
8KB

Download
memory/1216-57-0x0000000011000000-0x0000000011080000-memory.dmp

Filesize
512KB

Download
memory/1552-54-0x000007FEFBB71000-0x000007FEFBB73000-memory.dmp

Filesize
8KB

Download