bb7894fb21e3ca7021062b4d0f0c561c4462bdd7f079c247e15d551227435b61

Analysis

max time kernel
122s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:58

Target

16946b1beeb43a237e068eaf189bebd2.dll
Size

809KB
MD5

16946b1beeb43a237e068eaf189bebd2
SHA1

e22c0f83ceafbeaebe35207225d18b90fca20f0b
SHA256

bb7894fb21e3ca7021062b4d0f0c561c4462bdd7f079c247e15d551227435b61
SHA512

6e8bf8d1e7d67e9ba24fefc60d8f79b044c413e85df6f61fcab75118487d02b16042f9009de6cc4b26a1ae28229f7bf6d51ab7553f815c7ef80150d04350ced0
SSDEEP

24576:D8ozamYvCX6DeJHsk/vMK14rZzTWz16H3deMFK/W:Yogu6CJHstK141TuS34MFK/W

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28
PID 2676 wrote to memory of 2404	2676	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\16946b1beeb43a237e068eaf189bebd2.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\16946b1beeb43a237e068eaf189bebd2.dll
  2⤵
  PID:2404