da421122090bcae9ad90fcf776f9db5f79369cace5fcf2494659f4d1e299e440

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
27/08/2023, 19:45

Target

da421122090bcae9ad90fcf776f9db5f79369cace5fcf2494659f4d1e299e440.dll
Size

408KB
MD5

86c4b3dbbd27e75798f1fa128e26cf0d
SHA1

c2b9c06e94a891545cf1eef4bc0551325964a04b
SHA256

da421122090bcae9ad90fcf776f9db5f79369cace5fcf2494659f4d1e299e440
SHA512

07689468562086ffc55e5abeac3f218fa0f2b7e6f48cb144a216ea77f47819e6c64f51552ee7bc716aad3885bb2f7c9909e78d040a0c712f6bfd318af2218ee5
SSDEEP

12288:/NidU/6qwCJ17Ad2Mr2OA1sUZb7m0PGS7Kg:/NidU/6NCv7ACOA1sUZb7m0PDWg

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28
PID 1056 wrote to memory of 1648	1056	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\da421122090bcae9ad90fcf776f9db5f79369cace5fcf2494659f4d1e299e440.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1056
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\da421122090bcae9ad90fcf776f9db5f79369cace5fcf2494659f4d1e299e440.dll
  2⤵
  PID:1648