8e5b784090e0992c09f18087f6b8c5d2c4b1b795b6c5e195e9c39a1397ad1134

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 04:18

Target

8e5b784090e0992c09f18087f6b8c5d2c4b1b795b6c5e195e9c39a1397ad1134.dll
Size

854KB
MD5

cbdd893296d634aaaf62704b7b3769dc
SHA1

9c84164b23d827ca1769843b938b0d9a83dc24d8
SHA256

8e5b784090e0992c09f18087f6b8c5d2c4b1b795b6c5e195e9c39a1397ad1134
SHA512

3fc324f5561ea557945d85695d0501b5154a547be90b769debdf990a661f6ca96a8a9ee866744e8e93698c064ee1a145589d3ab728fe13004e670c0cd1f3f20e
SSDEEP

6144:J548IWWSIHw69hc+UPRnFWBh2PceZbcsDn8SH1wa4SqOpAcD7+o5O6I7fPHfgMIc:o8I9f+3WK0a395tGEG2uS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28
PID 1988 wrote to memory of 1912	1988	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\8e5b784090e0992c09f18087f6b8c5d2c4b1b795b6c5e195e9c39a1397ad1134.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\8e5b784090e0992c09f18087f6b8c5d2c4b1b795b6c5e195e9c39a1397ad1134.dll
  2⤵
  PID:1912