8854cc1320c08d487a8082e9a79c4c16cd03695acd82e2ad8cb6506565987766

Analysis

max time kernel
44s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02/02/2023, 13:31

Target

5ffa104f9d9dcc4f83dc2a255956aacac0154f71.dll
Size

69KB
MD5

7f74d91179faeb705a4aabcb3e14c375
SHA1

5ffa104f9d9dcc4f83dc2a255956aacac0154f71
SHA256

8854cc1320c08d487a8082e9a79c4c16cd03695acd82e2ad8cb6506565987766
SHA512

8e1374f5497616e0b49457dac43ee85f9f84fbe0906e70c7189443cbb42dd4e1d3da25a624e10baf48f8b145283c035f72b1151737ef519265a4f83cef18dba8
SSDEEP

1536:08nUZXWjUTu3zyOKV1ce9s3mDmYv1Z8lNUWzFOYNLC:08UVWjU4SVa13ApupzFOk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27
PID 1036 wrote to memory of 968	1036	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5ffa104f9d9dcc4f83dc2a255956aacac0154f71.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5ffa104f9d9dcc4f83dc2a255956aacac0154f71.dll
  2⤵
  PID:968

memory/968-56-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1036-54-0x000007FEFBDB1000-0x000007FEFBDB3000-memory.dmp

Filesize
8KB

Download