2d533d39cfffa44bc97e92e1b65d1794f77e06bd66615249be693caa61abdfb9

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:51

Target

091fb015767e523978ce82d9fd42a2f9.dll
Size

158KB
MD5

091fb015767e523978ce82d9fd42a2f9
SHA1

9fffcd6d40788b33cba1e002573b2c366e0e05a2
SHA256

2d533d39cfffa44bc97e92e1b65d1794f77e06bd66615249be693caa61abdfb9
SHA512

f12563324a5f7b4f285360194f3a708e633017f538a209bfd77710da0e9fac8bb7d14be279d53244c3aa2cc0dde484607d3921d6076a580d1b1c02665806d8dc
SSDEEP

1536:o91lkiu2K3lySgPqPKJsz4rbaZo5lXoUn/Bn8xg5iWqULULI7/VKHqSg:oBkiuJySoqmszUbt//B8xd9OKS/V9S

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28
PID 1860 wrote to memory of 1696	1860	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\091fb015767e523978ce82d9fd42a2f9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1860
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\091fb015767e523978ce82d9fd42a2f9.dll
  2⤵
  PID:1696

memory/1696-0-0x0000000000170000-0x00000000001B4000-memory.dmp

Filesize
272KB

Download