0b46fde1b10988021326c5b916e95f1aa467017eac1ce91824b7e78eccf90fbc

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 18:04

Target

000019b7038846792b52bac45851ec28.dll
Size

19KB
MD5

000019b7038846792b52bac45851ec28
SHA1

53eca9b70c47ecd721b21e1eaf89d12843802544
SHA256

0b46fde1b10988021326c5b916e95f1aa467017eac1ce91824b7e78eccf90fbc
SHA512

0ea7eb022ee4eec3276fd9aa8ca793bc490cb04656580e3332c027a0ab7fa0df73fa11968ea2c361a1e807b44e49a20fe95538f3e14b452ec27a79a8f3f9588b
SSDEEP

384:DSWWTEcWaoEYKFbGHI71sRZ0oX0Zt0CShy8Mhef2oZm7RmaubWgxYX+MsNbuz:NIoERbVyReq0f0CShy8h28g9ubTx2R

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28
PID 1712 wrote to memory of 2008	1712	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\000019b7038846792b52bac45851ec28.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\000019b7038846792b52bac45851ec28.dll
  2⤵
  PID:2008

memory/2008-0-0x0000000000280000-0x000000000029D000-memory.dmp

Filesize
116KB

Download