e1b0a6a635c9370b90dd15a6349b8222cd90a822cd7daf3abe28a425bef4df27

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:38

Target

0bef4db3745b67e43f95e94e7d7d7157.dll
Size

49KB
MD5

0bef4db3745b67e43f95e94e7d7d7157
SHA1

3edc0f7acd2e3002c58c6d30e7ffd2df9170f645
SHA256

e1b0a6a635c9370b90dd15a6349b8222cd90a822cd7daf3abe28a425bef4df27
SHA512

aaafc22d6f5fec2c7d8b8c4137f9737c91808c232695c47888afbc9ecde0e69016a3882761a9bc17a140f58f2beffc852fd6fd7895ec13b49df29f75d2c9803c
SSDEEP

768:TmpM8NNPVOTh87RRd4Qxr+xJMV0vBJ4vrv40Op5Fm1x6HQpdEvCeXJ36y:TaLcKlRdXqTMV0vBJOD4d3m1x6HA+cy

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28
PID 3012 wrote to memory of 2080	3012	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0bef4db3745b67e43f95e94e7d7d7157.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0bef4db3745b67e43f95e94e7d7d7157.dll
  2⤵
  PID:2080

memory/2080-0-0x00000000001E0000-0x00000000001F1000-memory.dmp

Filesize
68KB

Download