2dfb9f3a6da939f706325e564f06632f5984b9d517f521645061d27ed31c59b0

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 19:59

Target

0275de4c7d2a0f6d5fdd0eae25477914.dll
Size

276KB
MD5

0275de4c7d2a0f6d5fdd0eae25477914
SHA1

46a2f59adc4de0ba2af2dffcf65a2e33ab42df93
SHA256

2dfb9f3a6da939f706325e564f06632f5984b9d517f521645061d27ed31c59b0
SHA512

41f1b7c98e46ed8e2d20e768f298171c617c17a2e391ac795c8e626fcca53d284e96f019321c5917137729e8d1ae2f745fb7094cbe7f128ba951b0dc54722a2a
SSDEEP

3072:56iW/4iNc1VgmXo1FOcg0maugsaPIUCUCyLrYeQPV:TiNSemaHg0maugsaPIUCUCyLrYeQPV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16
PID 2076 wrote to memory of 2868	2076	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0275de4c7d2a0f6d5fdd0eae25477914.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0275de4c7d2a0f6d5fdd0eae25477914.dll
  2⤵
  PID:2868