bdc229a84ac050d4e53a3b4f736ae47dce9141ec5dfb1ada796324173d9e191a

Analysis

max time kernel
33s
max time network
38s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:40

Target

063b11a1a153135e2eb24f84b36152a3.dll
Size

234KB
MD5

063b11a1a153135e2eb24f84b36152a3
SHA1

5aed5a89822cd71d02d282a5813058fcd3d59376
SHA256

bdc229a84ac050d4e53a3b4f736ae47dce9141ec5dfb1ada796324173d9e191a
SHA512

70af426ab9a2a2d6138d9911e598a984bb5bc84911d2e8eff21eb8ad3dfddefad166b242fed54b341b9414284b6222d4b478a805596a388eb33c86aa12ca3611
SSDEEP

6144:6JVwb9E+azpJVwb9E+azpJVwb9E+azpJVwb9E+azpJVwb9E+azpJVwb9E+az:6JVwRE+aVJVwRE+aVJVwRE+aVJVwRE+y

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29
PID 3064 wrote to memory of 2880	3064	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\063b11a1a153135e2eb24f84b36152a3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\063b11a1a153135e2eb24f84b36152a3.dll
  2⤵
  PID:2880

memory/2880-0-0x00000000000C0000-0x00000000000D1000-memory.dmp

Filesize
68KB

Download