6a6fac9f71a0821849cd58f196b80c9f1779fc0aca85fd634bd339223e214d70

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:58

Target

0ae4a669d7ae67ff70124006b3e08814.dll
Size

72KB
MD5

0ae4a669d7ae67ff70124006b3e08814
SHA1

dd1adb655fcffcc15866e67543ca18ce6c8e8ab2
SHA256

6a6fac9f71a0821849cd58f196b80c9f1779fc0aca85fd634bd339223e214d70
SHA512

0c9fdfde2aa388ce0d0d73511a571d9093c2f10ff3a58d2b6e13cb397f639f948e3edadb079d4f2ae76deda82990639918af992f94f674a083be589784500d45
SSDEEP

768:ES/5d7qbBtlFTMgfFPRGQHCx8j/LYNOSnDaznQ+AkHRyWQWC2/vCQMj8FXT2tfoL:P5qbB2g9R12Tmjj7ZCw6AAxqP+M

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28
PID 1996 wrote to memory of 2184	1996	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0ae4a669d7ae67ff70124006b3e08814.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0ae4a669d7ae67ff70124006b3e08814.dll
  2⤵
  PID:2184