4684a992f9a548af32fabd572ad86211bda549b56f295d4b77c5a7ec79143647

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 22:33

Target

1e9174e9726ff90b3b7918f2f8c9d00e.dll
Size

578KB
MD5

1e9174e9726ff90b3b7918f2f8c9d00e
SHA1

7db2841d60977b66160f30671203cc883ff4a9ce
SHA256

4684a992f9a548af32fabd572ad86211bda549b56f295d4b77c5a7ec79143647
SHA512

39b937e33992ad979017e54f6223c957ace488eb2d8eb7105ac52ee493b3c3d983cdfad950376b6668675e3a523ae3ba301994695eff5c11291791a3ba026062
SSDEEP

12288:UU0BFtvsPUkGXgDkmBxAJmKVg8zThh6XQ1xoWUAGfTX3N:UVXtyLGwDJkJxVVzXIIxosGfTX

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15
PID 2340 wrote to memory of 1796	2340	regsvr32.exe	15

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1e9174e9726ff90b3b7918f2f8c9d00e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2340
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1e9174e9726ff90b3b7918f2f8c9d00e.dll
  2⤵
  PID:1796

memory/1796-0-0x00000000001C0000-0x0000000000258000-memory.dmp

Filesize
608KB

Download
memory/1796-1-0x00000000001C0000-0x0000000000258000-memory.dmp

Filesize
608KB

Download