e25361e941919185c9d91bb0e89c6013ae6764b0be8617b20e757315d82a2249

Analysis

max time kernel
122s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 20:32

Target

f6285014cc7c5147c212a42777bef8f2.dll
Size

295KB
MD5

f6285014cc7c5147c212a42777bef8f2
SHA1

8b0222f95232a250e4b5112fb1ccf73e0d5b57cb
SHA256

e25361e941919185c9d91bb0e89c6013ae6764b0be8617b20e757315d82a2249
SHA512

7149fb6de210a22f91a9a32efc9b6ef257a117b1cd0ab8e3da5eb1a4b4184023fa94add544bd5796f0d193ad04f1f9c78999ba838e09b477234fcaf637433531
SSDEEP

6144:lizlam4TnZKzNGS76zJiLMg26irsQQzmQU4+an7eWyqsm:wzlamcnZu4keJNg26ioQQzmQuaX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27
PID 2904 wrote to memory of 1904	2904	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\f6285014cc7c5147c212a42777bef8f2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\f6285014cc7c5147c212a42777bef8f2.dll
  2⤵
  PID:1904