3790196fe1ab6d4cb84cf9ebe10267766c75d245f28ec8f05ed1dce6686f950d

Analysis

max time kernel
38s
max time network
44s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/02/2023, 13:33

Target

11062f01a3402ad76c013c1638b6a953b3343f15.dll
Size

66KB
MD5

4beba5a8bc693e75eea5caf3ba886896
SHA1

11062f01a3402ad76c013c1638b6a953b3343f15
SHA256

3790196fe1ab6d4cb84cf9ebe10267766c75d245f28ec8f05ed1dce6686f950d
SHA512

ccab0dcf8812ef96debcb805ae9b8e9808f9cf9cf23464b1fee07c5988461331db4a796485bd963148e9f0763ff7b47d13daf6df0bc12593968d93fa4922e4fc
SSDEEP

1536:jiVKCRVno8gyP70pftaazD8ee3stetdeO3g9mfG+IOBDM4m7cmX:jiVKCjF7Aaa6d+cfG+HMH7P

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26
PID 1156 wrote to memory of 824	1156	regsvr32.exe	26

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\11062f01a3402ad76c013c1638b6a953b3343f15.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\11062f01a3402ad76c013c1638b6a953b3343f15.dll
  2⤵
  PID:824

memory/824-56-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download
memory/824-57-0x0000000000260000-0x00000000002A7000-memory.dmp

Filesize
284KB

Download
memory/824-58-0x0000000000260000-0x00000000002A7000-memory.dmp

Filesize
284KB

Download
memory/1156-54-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download