bdf77253562e9dba0cf5a312b6dbe750fd598e8670699451a76874e4fdea8f36

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19/12/2022, 04:47

Target

bdf77253562e9dba0cf5a312b6dbe750fd598e8670699451a76874e4fdea8f36.dll
Size

28KB
MD5

23d39b1920cb40f0e1c9410d008a9978
SHA1

0649216918531f6b9a710b84c9a1bb980f2a7424
SHA256

bdf77253562e9dba0cf5a312b6dbe750fd598e8670699451a76874e4fdea8f36
SHA512

0c4c7f6ecfa4e7bfdc593b629b30b47643839a1b3efebc1c441015b454e1273cd41f9941cc4378de65e061a866877af33231128b6992cfeb8c17deede44dbaea
SSDEEP

384:6nwQZIoZpRoyOKqR0REEmDafKwE+LQT40w4z8:cBpopKqqREEwOKwEkz0w4

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27
PID 1756 wrote to memory of 916	1756	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\bdf77253562e9dba0cf5a312b6dbe750fd598e8670699451a76874e4fdea8f36.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\bdf77253562e9dba0cf5a312b6dbe750fd598e8670699451a76874e4fdea8f36.dll
  2⤵
  PID:916

memory/916-56-0x0000000076871000-0x0000000076873000-memory.dmp

Filesize
8KB

Download
memory/1756-54-0x000007FEFC521000-0x000007FEFC523000-memory.dmp

Filesize
8KB

Download