2eff1fe7854b24b2517b26beb341ea4f115e66894ce4a45172adc566b92b02ed

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30/03/2023, 01:39 UTC

Target

ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517.dll
Size

566KB
MD5

8e084634f942776f71c350a5545fe39f
SHA1

f245590544ddbfdd97691383fef1b1056d89f28a
SHA256

ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517
SHA512

80e7350c1749923017bbcf08545ccea3ef78926557047a034aa99916851226c1c959bba74920cf3640abe124c0052cf0736662b5eabdbbeb91236602a20f13f0
SSDEEP

12288:wHGWVuU+mptaW3e6QM43Y07PONMxR2soyGTyA8eJb:wmWVuU3X/e6QMYYUPONMxoeGTnZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28
PID 1736 wrote to memory of 1304	1736	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\ee83bc569b8fd831c17845778042ffef7f4a96f9fa54a28ab8517ff2954a1517.dll
  2⤵
  PID:1304