c265303eeb1a8301c503d33e3c7b82b70a4bcdaefe2fae64a6da37f0e7e54ad1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:39

Target

4a00412d6cd2fc53efc854959816917c.dll
Size

116KB
MD5

4a00412d6cd2fc53efc854959816917c
SHA1

304450d58adc182fcb0019e960c04e3c4cc82be7
SHA256

c265303eeb1a8301c503d33e3c7b82b70a4bcdaefe2fae64a6da37f0e7e54ad1
SHA512

efba2a6047fd0a2aa66956191696f378fab4cc0faec9c7eb567463c9f4c8dbb8a263b47c9ff13d1350aba51dd843cc7bf7238fccf4ebeb4f1e7077223885fd3b
SSDEEP

768:R8y1quQCFIxJ9WKdjbGqrpgGu9VBUKsZz35ySMrKYJvDpJjJfVutSDr3vBgI6t57:R71quQpzhdtCVa5yxrKs1JjVX3vBbkJ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28
PID 2128 wrote to memory of 2288	2128	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4a00412d6cd2fc53efc854959816917c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4a00412d6cd2fc53efc854959816917c.dll
  2⤵
  PID:2288

memory/2288-0-0x00000000001A0000-0x00000000001BD000-memory.dmp

Filesize
116KB

Download