c8d77cd4450148eb993189e79d9d38972118ab8a804e1ef5dfe608c388b03076

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 07:42

Target

1272108050530087224b88c7d7ab87aa.dll
Size

155KB
MD5

1272108050530087224b88c7d7ab87aa
SHA1

e0f8c5344a0e6e6e2782ef39e00ac1a1c5ec428f
SHA256

c8d77cd4450148eb993189e79d9d38972118ab8a804e1ef5dfe608c388b03076
SHA512

12f555482cf248925e1cb1a588c5333f480bc05785e7dee0c99068a9e47ca632235c131b2095f7f9782cfda4f05c3589ec0edd9d2afbf9a8525b1865db8a5ae7
SSDEEP

3072:QVrj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+Brqaj+BrqM:QkurururururururururuM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28
PID 1716 wrote to memory of 2116	1716	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1272108050530087224b88c7d7ab87aa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1272108050530087224b88c7d7ab87aa.dll
  2⤵
  PID:2116