ac6fc0d38241f4ebc734846fcafac16df5f2f81fd9ea3aff3c45a9d88ae5a3b4

Analysis

max time kernel
119s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 20:21

Target

1bbe38e6152bfb9e21f94613375e1c6f.dll
Size

82KB
MD5

1bbe38e6152bfb9e21f94613375e1c6f
SHA1

27b98a5be0e63b05db3d26d67553c119e7bcdd38
SHA256

ac6fc0d38241f4ebc734846fcafac16df5f2f81fd9ea3aff3c45a9d88ae5a3b4
SHA512

a69312d3de5b2db808e303a170a49868785a5dc420dfc23b57f9794995d97cc45c656673ad7e71db53b7dbfec9c8b76990a8d59968fcbae8fa3557051a982ad1
SSDEEP

1536:12m5yduAwceoYWafq9ok7vKcdScNxaJPvNWlGBdh9TcAj:YIWw1pWz/9dlvyPvAI94w

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28
PID 2852 wrote to memory of 2664	2852	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1bbe38e6152bfb9e21f94613375e1c6f.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1bbe38e6152bfb9e21f94613375e1c6f.dll
  2⤵
  PID:2664

memory/2664-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2664-1-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download