9f99870856089d64a51abefd0916b3bc8b2730451398e727a3b152c058be211a

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
01/09/2023, 15:26

Target

9f99870856089d64a51abefd0916b3bc8b2730451398e727a3b152c058be211a.dll
Size

10.2MB
MD5

cf2edaa37fa4353f8e43547210de8ca2
SHA1

4b39f7a40ec93e588007a4c6fc91db430cdb621f
SHA256

9f99870856089d64a51abefd0916b3bc8b2730451398e727a3b152c058be211a
SHA512

adc39cea694e76ec4739cde503d539a3d7806f919a4c22c8d83d1b24da509c0a73059b0ae491691f04581097391e401e22bb167485714cf808b312a93245cd79
SSDEEP

196608:YRhAoxkHIE3K+IHD61hwSjIUoGOcYw7ypNXq/VJnI6SI:YRhAqkof+661PjHxZsNXqJnF

Score

1^/10

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3008	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1
PID 3060 wrote to memory of 3008	3060	regsvr32.exe	1

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\9f99870856089d64a51abefd0916b3bc8b2730451398e727a3b152c058be211a.dll
1⤵
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9f99870856089d64a51abefd0916b3bc8b2730451398e727a3b152c058be211a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3060