d74ea5d2725f5168c3467193dfc0bf349d3817f01d652196cb7624cdfad98379

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:04

Target

066b15eb9971aba20a181c32a55a5717.dll
Size

79KB
MD5

066b15eb9971aba20a181c32a55a5717
SHA1

dc4a8ba66c7d2174aafcca6b29d3cf99a30f7234
SHA256

d74ea5d2725f5168c3467193dfc0bf349d3817f01d652196cb7624cdfad98379
SHA512

6167c4b008446ddc6ea5af45cca7fb06f01d45f13cbd6f3c0dcaf5c29b424ebb95f2b8686df9a3271bdf1b6a2873bdb2504b347f5387127925250488d516b9bf
SSDEEP

1536:rC6PxbLrg5bAhKxqnsZl7qBjfNNT3p/N/9XBB6y+JWcrJRDM9tFQ:FjgmhKxqnXNNTr/9xhc1RL

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16
PID 2612 wrote to memory of 2372	2612	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\066b15eb9971aba20a181c32a55a5717.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\066b15eb9971aba20a181c32a55a5717.dll
  2⤵
  PID:2372

memory/2372-0-0x00000000001E0000-0x000000000021E000-memory.dmp

Filesize
248KB

Download