213dbc3d61ff43172a5d59badffd89212d7a078f980c3dd8eda94dba8b3c4abf

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:39

Target

04a867e4114121609f1ac6130d38bc28.dll
Size

32KB
MD5

04a867e4114121609f1ac6130d38bc28
SHA1

ab67b41697a766472cdd45f7d3ee3ec062f82efe
SHA256

213dbc3d61ff43172a5d59badffd89212d7a078f980c3dd8eda94dba8b3c4abf
SHA512

c0555bf66ae058c2c212a69c113562a61e1f74eb0eaf5219e2e8b7d7e6f244224a427ae6871462ed026f1128c4bddbdcecff917dea9960965669124384aa62c1
SSDEEP

384:lNNe06t9hcln52yq42zX/Z9TlRZd+w3EqipIGdGDBVBss23DCxp8UWHi72k:BeP9hACLPqEEqiVWBh2zCcU2M

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16
PID 1108 wrote to memory of 2944	1108	regsvr32.exe	16

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\04a867e4114121609f1ac6130d38bc28.dll
1⤵
PID:2944

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\04a867e4114121609f1ac6130d38bc28.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1108

memory/2944-0-0x0000000000170000-0x000000000017D000-memory.dmp

Filesize
52KB

Download