5a23b6dcbddc0dd13c26ce0d76d27b43d5cc57f107d61d303b0c4d8030a55984

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:14

Target

082bf5c4b1ebd6dff9b76e3e0787afea.dll
Size

85KB
MD5

082bf5c4b1ebd6dff9b76e3e0787afea
SHA1

952cbe9364efadb2cce630b5f91da4883c0b784e
SHA256

5a23b6dcbddc0dd13c26ce0d76d27b43d5cc57f107d61d303b0c4d8030a55984
SHA512

660eef9b5ef67a47351acd44f6e731910bf65b357b3ae4086de73e2c9519372afb381bb70b445ff46e91a75f3cc647ba7d973fc57babb849419830304a4e09b1
SSDEEP

1536:PWMbzeRDuFA2AsTwvJkhNw1tsz4rbaZo5lXoUn/Bn8xg5iWqUQEYJHnSAho:PSuq2tEvShNGtszUbt//B8xd9ppSQo

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28
PID 2076 wrote to memory of 2312	2076	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\082bf5c4b1ebd6dff9b76e3e0787afea.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\082bf5c4b1ebd6dff9b76e3e0787afea.dll
  2⤵
  PID:2312

memory/2312-0-0x00000000000E0000-0x0000000000123000-memory.dmp

Filesize
268KB

Download