5a5c196564d5110e7fa179dac0416d42c09952904d79c576d4a3d1f0d7a07e22

Analysis

max time kernel
78s
max time network
28s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:58

Target

7acdc480d0f7d75feeed5e10c1fa0140.dll
Size

244KB
MD5

7acdc480d0f7d75feeed5e10c1fa0140
SHA1

bb1d35d5fedc733b2956299f89a139f8adca099d
SHA256

5a5c196564d5110e7fa179dac0416d42c09952904d79c576d4a3d1f0d7a07e22
SHA512

c8877c696dbfe83f85313419bbcd36cd1f659ee751116b042bb0a86bc97444d04737da2f71b7fcafea6763ef248fd0e9cbf5b2c3b3d8ae9a5aeb291306bbf590
SSDEEP

3072:nn8WBFyg+lCC7+O6B1GFnMU+i9ZRPptNtlxHxdXF8Bh6d9sSHPNgAD:8WLz+lNmcMXeZ8Derd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29
PID 2608 wrote to memory of 1652	2608	regsvr32.exe	29

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7acdc480d0f7d75feeed5e10c1fa0140.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7acdc480d0f7d75feeed5e10c1fa0140.dll
  2⤵
  PID:1652

memory/1652-0-0x000000006D1D0000-0x000000006D20E000-memory.dmp

Filesize
248KB

Download