2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09

Analysis

max time kernel
407s
max time network
411s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
23/05/2023, 11:49

Target

2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll
Size

473KB
MD5

3d051c701fbdf002650f8f90267ee16d
SHA1

e835e5d57c769cb86e9e61ff8e28d7bad1421cdb
SHA256

2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09
SHA512

4018efc79da22eb577a889b608c662ae5d59fc6c8dead939fd814675c08fdd0ac372aa132357451fe4231f592a13ad9b3dfca0f2a12ef9946601a277c18a7dde
SSDEEP

6144:nYGKcdvv6azsXOkDriqiN0DaSCrIB28UJ1F5FRpS0Xu0X:YGKKDADhi+Da3rIByJ13pRxX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 860 wrote to memory of 560	860	regsvr32.exe	27
PID 860 wrote to memory of 560	860	regsvr32.exe	27
PID 860 wrote to memory of 560	860	regsvr32.exe	27
PID 860 wrote to memory of 560	860	regsvr32.exe	27
PID 860 wrote to memory of 560	860	regsvr32.exe	27
PID 860 wrote to memory of 560	860	regsvr32.exe	27
PID 860 wrote to memory of 560	860	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:860
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2411b23bab7703e94897573f3758e1849fdc6f407ea1d1e5da20a4e07ecf3c09.dll
  2⤵
  PID:560