5e70e080c8374411c4c32f2c4f57fdc85c17ea6c089dc99075d3a0074a5f7216

Analysis

max time kernel
122s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:12

Target

0fb480e26647c708b622b990952af76e.dll
Size

79KB
MD5

0fb480e26647c708b622b990952af76e
SHA1

7de756e2b283c652e03f2b47b9dc1ee7a4e50f84
SHA256

5e70e080c8374411c4c32f2c4f57fdc85c17ea6c089dc99075d3a0074a5f7216
SHA512

ef728358f12e055725adf74eb45673432ec1ddbac01e1d178412d02a30503fcc57efeed7a3f2aab670a4cf3281657106dd23c100f1e82228463f2f69c6970da3
SSDEEP

1536:0xrXKvAAbvmIzK6Lzn6ZiSCiAUkJjWq+/+O9lqfeuXs6AE4KJrxFFfH+9kVx+5S:0+vmR6v6ZJAVJC/befsMx9H6kAS

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28
PID 2232 wrote to memory of 2116	2232	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0fb480e26647c708b622b990952af76e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0fb480e26647c708b622b990952af76e.dll
  2⤵
  PID:2116

memory/2116-0-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download