00c0a6452766ba004123794a22d70a9088bd1d3fe3e2d7f6889799ea86e76f90

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 09:20

Target

1456922354bcd0067d6ea7e5e807b6b3.dll
Size

30KB
MD5

1456922354bcd0067d6ea7e5e807b6b3
SHA1

83c97c08fdc5461b949530814909388a11991e3e
SHA256

00c0a6452766ba004123794a22d70a9088bd1d3fe3e2d7f6889799ea86e76f90
SHA512

d2cd36d7084831e05583f3949c5504f12b136b60bf43ecf4639ce71e76373245f1c0a423d6a2e466be6b3181ca44e8899e55b99c714c719c46a3a54ddb86d9e3
SSDEEP

384:lNNe06t9hcisPd4wpmmizx6DRa24AtksaDTYU5m8WIHC/oqp:BeP9hnQe61aGNUlfWwb8

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14
PID 1848 wrote to memory of 1836	1848	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1456922354bcd0067d6ea7e5e807b6b3.dll
1⤵
PID:1836

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1456922354bcd0067d6ea7e5e807b6b3.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1848

memory/1836-0-0x00000000001B0000-0x00000000001BD000-memory.dmp

Filesize
52KB

Download