796dde665a3b1c9ebc1a0a73a7bfdf6ac66010684a782a8845e0093cc72e461a

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:07

Target

180415204118b5aa2f540810112771aa.dll
Size

160KB
MD5

180415204118b5aa2f540810112771aa
SHA1

a923405796151a7f578435a73ef9c34c50269400
SHA256

796dde665a3b1c9ebc1a0a73a7bfdf6ac66010684a782a8845e0093cc72e461a
SHA512

7391b84d2052354b7d5cbb0dfc90e5cdea66cdf7314e795574abe67d6633a4a91202e7d852b94cc10b3b2751f72fc1782d9478e0bf930dfa5714436ca83f46b9
SSDEEP

1536:7Rfbm3Kf4MyRVehVqETpgA866Cdip6C9DJ9yFzYJ0P5TW+Vif3cIMSJPw:7RfbMK67eh3TpgAcCSLJszYJ0hVifA

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28
PID 2208 wrote to memory of 2520	2208	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\180415204118b5aa2f540810112771aa.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\180415204118b5aa2f540810112771aa.dll
  2⤵
  PID:2520