dc89a2d3626a053c61a3ee30b3e6f3c38bca5a9c5b5c5e1abb12915d7cfb1c2a

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 15:24

Target

03a2a84c6baee4ad3fbce657b383d6ec.dll
Size

636KB
MD5

03a2a84c6baee4ad3fbce657b383d6ec
SHA1

cb9f2fc89e1208bca154fa24f69e6e0d55297d6a
SHA256

dc89a2d3626a053c61a3ee30b3e6f3c38bca5a9c5b5c5e1abb12915d7cfb1c2a
SHA512

e17238b3ead1fd0bd11a101c05dde37cbea1051c1bbc0a3dff308b86fb0683bb2bee4e167f246390d6340b4a14abf0b0cc213ed5cb61a61a611322d8658a7343
SSDEEP

12288:MOJtr/QwuAls9HyP4rNjRfAJLNc0OKctbGwof1SpbBEIb5bxXMlOi8BG:td/Qw9offAJS0stbGwouJx8Ii5

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28
PID 2936 wrote to memory of 3012	2936	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\03a2a84c6baee4ad3fbce657b383d6ec.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\03a2a84c6baee4ad3fbce657b383d6ec.dll
  2⤵
  PID:3012