0d1a4bdc34d47bc30f2bd24495bdc790301e6e053c0237c5556eec57814e8910

Analysis

max time kernel
127s
max time network
164s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 14:37

Target

017f23c41b1b61d9100072c02b4f7c24.dll
Size

18KB
MD5

017f23c41b1b61d9100072c02b4f7c24
SHA1

101b15d6ee2b4908b492ed93b74edfee6c5caf36
SHA256

0d1a4bdc34d47bc30f2bd24495bdc790301e6e053c0237c5556eec57814e8910
SHA512

91a5c6b1912747a381d810577785a4b22d68c494b9a63b3c22ad3e3a779290034b0841b4e7d376d91c39b465777e855ad79b0a7bd7b2738f746b90e23f8bc37e
SSDEEP

384:xoiWWTEcWVnoHjUw9U/J8fK2WVVb+Ix0sFazitGfhBoDhTOM7U1BbpgnAhejs:Qrnc9UB6tSVbKWCAhuB6nAhew

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27
PID 2816 wrote to memory of 2684	2816	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\017f23c41b1b61d9100072c02b4f7c24.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\017f23c41b1b61d9100072c02b4f7c24.dll
  2⤵
  PID:2684

memory/2684-0-0x0000000000170000-0x000000000018C000-memory.dmp

Filesize
112KB

Download