9d7522ee51219cc8e04c22798494dfec31a084507e8f30fc03c462d64277f45e

Analysis

max time kernel
120s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:13

Target

69ffcc5b62eee18c996b51494e2638aa.dll
Size

120KB
MD5

69ffcc5b62eee18c996b51494e2638aa
SHA1

5df3e1c20e013dec2c775ab1d04251c521ead95a
SHA256

9d7522ee51219cc8e04c22798494dfec31a084507e8f30fc03c462d64277f45e
SHA512

d093ca61e8c3f58880cea68871cdf7eed7032bd1d610b77ca0460a2b44ffea03595f897c2ba3531c916ba6f5e9a3f93c9935c99857169cb0f2a887fa6c747641
SSDEEP

768:Ry5q4QGnoI2PHJdvrGFT72G3qnZ/lJxgr9rqQD+AfqkQwEANiBqCXpx+:I5q4QctGTe7O/PSrrD+Sq+gqCXpx+

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27
PID 2356 wrote to memory of 2636	2356	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\69ffcc5b62eee18c996b51494e2638aa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\69ffcc5b62eee18c996b51494e2638aa.dll
  2⤵
  PID:2636

memory/2636-0-0x0000000000130000-0x000000000014E000-memory.dmp

Filesize
120KB

Download