ca618c581d370ec958954325d514695475a094c667de0929659f250974b26290

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:01

Target

0121015d5255acd8ca784e0405503ed4.dll
Size

59KB
MD5

0121015d5255acd8ca784e0405503ed4
SHA1

8628e77e891850ae47445841ee88b907416f56c6
SHA256

ca618c581d370ec958954325d514695475a094c667de0929659f250974b26290
SHA512

0ab6fcf35c532d3430d06d541bbe51dbec26f618185ce252cb23f22813ff9d4cdd8c24309d4c2a636049c9647f85a450c27153746d091d3edc232f9f98980af4
SSDEEP

768:6Kzy3dxaE4+a6c5KhDTggPHj8LS8I//y6jgcfr41kP/AyYtq9AYuz/G9OWlZUAUL:6Iyu3MTgoHyNhcj41iWthM+t1

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28
PID 2644 wrote to memory of 2880	2644	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0121015d5255acd8ca784e0405503ed4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2644
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0121015d5255acd8ca784e0405503ed4.dll
  2⤵
  PID:2880

memory/2880-0-0x00000000002E0000-0x000000000031A000-memory.dmp

Filesize
232KB

Download
memory/2880-1-0x00000000002E0000-0x000000000031A000-memory.dmp

Filesize
232KB

Download