937a517b453457f9664e2d451dd9ee8ab7bd1b4184fa78595ecbc33b3de282bb

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:36

Target

0721bd58974cad6302c36a56d22d970d.dll
Size

44KB
MD5

0721bd58974cad6302c36a56d22d970d
SHA1

62af1d5c157b2c12f5559c6a49c901c0c187717f
SHA256

937a517b453457f9664e2d451dd9ee8ab7bd1b4184fa78595ecbc33b3de282bb
SHA512

f32ebdd33d91e925617156b334426454a2091ec896a2f6ffc2efdba3b6aa8d6026bde677576416b9e4f292f967374604bafe42268b094dc3126a0bf0840d43d5
SSDEEP

768:2CSqWQ1geCiGjLvg9/QiO5OpBlJYmvUcrooQ/tZ26+LGGaQxV3u/eke:RSqWQGPjLvgKiGOpBlGVZZULGGDs/eke

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14
PID 2488 wrote to memory of 1900	2488	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\0721bd58974cad6302c36a56d22d970d.dll
1⤵
PID:1900

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0721bd58974cad6302c36a56d22d970d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2488

memory/1900-0-0x0000000000170000-0x0000000000180000-memory.dmp

Filesize
64KB

Download