465d7dfd9c3593a65da18bf26f05edd20e1a30a4f10a03fe38886e47394bd53d

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
29/08/2023, 04:13

Target

465d7dfd9c3593a65da18bf26f05edd20e1a30a4f10a03fe38886e47394bd53d.dll
Size

1.7MB
MD5

05d82e21670133494bdb7a90b6df5372
SHA1

5fffc9ff426d0b8cef81ae519131eca867dca855
SHA256

465d7dfd9c3593a65da18bf26f05edd20e1a30a4f10a03fe38886e47394bd53d
SHA512

85c61c9dbc7155902addc9ece6409e4feff2890376cfee78edb561abfd61e4d4bdbc5bb7a3849be7f82fc0865a481732c53878502bded7f5e338dbdc42e2e953
SSDEEP

49152:mI3V0bzK4uw+ceomsXdgzWlg0t9mvk6ND8zcfsZm9W6lrEYvXElyOBbYK9jovwLQ:z3V0buficP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28
PID 2616 wrote to memory of 2016	2616	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\465d7dfd9c3593a65da18bf26f05edd20e1a30a4f10a03fe38886e47394bd53d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\465d7dfd9c3593a65da18bf26f05edd20e1a30a4f10a03fe38886e47394bd53d.dll
  2⤵
  PID:2016