995339bb5046720f0fcf51c13a97301bda1fd0db8de3e2060a2fb71685ba8088

Analysis

max time kernel
30s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 03:21

Target

995339bb5046720f0fcf51c13a97301bda1fd0db8de3e2060a2fb71685ba8088.dll
Size

100KB
MD5

15edbf1fd243d9cbdfe48671976e9c94
SHA1

5d4c890f9fcececce24aa8c9f9d6c40e3352b63e
SHA256

995339bb5046720f0fcf51c13a97301bda1fd0db8de3e2060a2fb71685ba8088
SHA512

7f588012f289d9f3a1bea4a872579c927d33a87b3484cf954ccbc9476eb1cba145b9cc81b3382f46c49068c13affe8aca4e5a8d989f312cbe6a51b13a0217794
SSDEEP

3072:q7uYTPyyAEvLWcxnxX3tepwqqJ4JIrL8POpKe4:qyYTPvljWcR1Ywqq7eOpK

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28
PID 1184 wrote to memory of 1208	1184	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\995339bb5046720f0fcf51c13a97301bda1fd0db8de3e2060a2fb71685ba8088.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\995339bb5046720f0fcf51c13a97301bda1fd0db8de3e2060a2fb71685ba8088.dll
  2⤵
  PID:1208

memory/1184-54-0x000007FEFB7C1000-0x000007FEFB7C3000-memory.dmp

Filesize
8KB

Download
memory/1208-56-0x0000000075991000-0x0000000075993000-memory.dmp

Filesize
8KB

Download
memory/1208-57-0x0000000001D80000-0x0000000001DC7000-memory.dmp

Filesize
284KB

Download
memory/1208-58-0x0000000001D80000-0x0000000001DC7000-memory.dmp

Filesize
284KB

Download