e2cbfa50bae7d5d869e4a41170c64c6fa2938ab0686b500579acf41ac49bdc3e

Analysis

max time kernel
117s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:37

Target

049c91ad971a33333bca03520c8b8849.dll
Size

29KB
MD5

049c91ad971a33333bca03520c8b8849
SHA1

7c5e1a0155829d80166e3292d90a3f80054cd850
SHA256

e2cbfa50bae7d5d869e4a41170c64c6fa2938ab0686b500579acf41ac49bdc3e
SHA512

f83e95b207692c2d565735a4f03b9593f60955c58fd73e24868d0aaf78220af45af336aa6d8face0e4d7a634b51431d00e4a5d602138c2311b421dc5534f3e02
SSDEEP

384:qNNe06t9hcIgly3ZNDBhb1e6hKtGEaxGnH/qoDte8+Jg8WIHa96Z:eeP9hdhKtGgH/6lBWwa

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 2008	368	regsvr32.exe	28
PID 368 wrote to memory of 2008	368	regsvr32.exe	28
PID 368 wrote to memory of 2008	368	regsvr32.exe	28
PID 368 wrote to memory of 2008	368	regsvr32.exe	28
PID 368 wrote to memory of 2008	368	regsvr32.exe	28
PID 368 wrote to memory of 2008	368	regsvr32.exe	28
PID 368 wrote to memory of 2008	368	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\049c91ad971a33333bca03520c8b8849.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:368
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\049c91ad971a33333bca03520c8b8849.dll
  2⤵
  PID:2008

memory/2008-0-0x0000000000150000-0x000000000015D000-memory.dmp

Filesize
52KB

Download