2040b79e5f10a94c8f60f25fd83df82ad3c7c38aa29733877da7006b705e2d7f

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 21:23

Target

f90fec011b41c7fba5e89e9ad5875f22.dll
Size

179KB
MD5

f90fec011b41c7fba5e89e9ad5875f22
SHA1

35616cbca6bc7c685ba2ac870f08f640051264d3
SHA256

2040b79e5f10a94c8f60f25fd83df82ad3c7c38aa29733877da7006b705e2d7f
SHA512

4e5db63400c43b2560f5848418fea970b2fd9398726d5c4e4a055f5790e6fd73a775b5ff6e6f8ebb1f5c0ff63762414b347dbdf2598d62e0c09ac6be7c35f4a6
SSDEEP

3072:JsdGIHG5KOzB3+dtjSc9bwD5eLYNREzX4XUTiOCejkc3OzTvAT:WVS1itjSc05mE6zXNTiOV3O3vAT

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16
PID 3040 wrote to memory of 3052	3040	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f90fec011b41c7fba5e89e9ad5875f22.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f90fec011b41c7fba5e89e9ad5875f22.dll
  2⤵
  PID:3052