9576a7b73bfa1389284097721f82910b7a48f8d5d980c9857fba7536148f20e2

Analysis

max time kernel
41s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/01/2023, 01:24

Target

8d8b65c814f1ba2f3e0204289645501ac84b5641.dll
Size

356KB
MD5

9244db61af49f0fe9e79abd2b1d81b3a
SHA1

8d8b65c814f1ba2f3e0204289645501ac84b5641
SHA256

9576a7b73bfa1389284097721f82910b7a48f8d5d980c9857fba7536148f20e2
SHA512

d47ad3380bb6f0f6f249fe9f02e1426f410cb12e8fec5d4b23feddb36a1f3481ab3cf5b766c4651f3f806f9a466722a50d0deb0f4e38ae138b0070108b0f8dd6
SSDEEP

6144:eRXweGsCJH2mMnpyxT5oz9QVAG5e4ZIrA/qTX1pGlMNvBv:qZNCMJkTocs4ZIzGlwvBv

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27
PID 1428 wrote to memory of 880	1428	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8d8b65c814f1ba2f3e0204289645501ac84b5641.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8d8b65c814f1ba2f3e0204289645501ac84b5641.dll
  2⤵
  PID:880

memory/880-56-0x0000000075071000-0x0000000075073000-memory.dmp

Filesize
8KB

Download
memory/1428-54-0x000007FEFB821000-0x000007FEFB823000-memory.dmp

Filesize
8KB

Download