d729eb6adda55a346465f666de06518a35680410403e6808f24ed80f95ff0445

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:32

Target

1735a8495d598b1b4d37940a44d66fdf.dll
Size

155KB
MD5

1735a8495d598b1b4d37940a44d66fdf
SHA1

986f3113fbb84e88be998f54ea84974f020aee74
SHA256

d729eb6adda55a346465f666de06518a35680410403e6808f24ed80f95ff0445
SHA512

d0b803282e2609f02ed3fa948d3b4cf2c9ec21a0f97373e984f65700c8742472d43cc9e972d02fafc71de782e25334367d130b7b4ad290ee26bb38991c73bb07
SSDEEP

3072:nJED0Bc4D0Bc4D0Bc4D0Bc4D0Bc4D0Bc4D0Bc4D0Bc4D0Bc4D0Bcf:nuAAAAAAAAAf

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28
PID 2952 wrote to memory of 2964	2952	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1735a8495d598b1b4d37940a44d66fdf.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1735a8495d598b1b4d37940a44d66fdf.dll
  2⤵
  PID:2964

memory/2964-0-0x00000000000C0000-0x00000000000D4000-memory.dmp

Filesize
80KB

Download
memory/2964-1-0x00000000000C0000-0x00000000000D4000-memory.dmp

Filesize
80KB

Download