e188ff2df0980d60ba08fa644b905350b93c4b12307d833f9aacae1ace3b2a57

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 11:39

Target

1759f0b660c5ea9909eb8e11c563534f.dll
Size

524KB
MD5

1759f0b660c5ea9909eb8e11c563534f
SHA1

61bbe6391d00a54187f8aaf409010340af1719ad
SHA256

e188ff2df0980d60ba08fa644b905350b93c4b12307d833f9aacae1ace3b2a57
SHA512

bbe331878ba0a303f9e7907509f3dc371e416c97e9041772c26809ee98622327cc8bf7ea9ea3dbea59fb9448231ef1c00846accd34c9be27887d2bc8cb068096
SSDEEP

6144:rfUbJV/na8f+ubUnbguMilokgkKskqvORHFbjq6c/VK2A:r4V/nahmUn8uMilok8J+T/Q

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28
PID 2112 wrote to memory of 2748	2112	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1759f0b660c5ea9909eb8e11c563534f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1759f0b660c5ea9909eb8e11c563534f.dll
  2⤵
  PID:2748