0ca93f97434a7311f4eda6476d6b76aed753c5e5b34eefd4507fff1cac6fb063

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 14:28

Target

1b6d0e044569310fdbcbfe6d3780f605.dll
Size

124KB
MD5

1b6d0e044569310fdbcbfe6d3780f605
SHA1

a3b8c4a65a075eae1d12a8e7d6619836d77d02d1
SHA256

0ca93f97434a7311f4eda6476d6b76aed753c5e5b34eefd4507fff1cac6fb063
SHA512

c8bc0958adea232c6d84d05e587c019cef9b416c5c26a080c2f9e56b2cc8f50ae466fdef355c1ef74b537e2aa1d2354633214cef7f1d02a34592739834bbed9e
SSDEEP

3072:AMpULtUTGlgXAozGCJSIrdQNyvx4yojiBd3DTHPOx0rSSS+LGpY7zwyO:DGJUGoQQCg6kBxfHPOm9HGs

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28
PID 2228 wrote to memory of 2256	2228	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1b6d0e044569310fdbcbfe6d3780f605.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1b6d0e044569310fdbcbfe6d3780f605.dll
  2⤵
  PID:2256

memory/2256-0-0x0000000000350000-0x0000000000374000-memory.dmp

Filesize
144KB

Download