93c1ddf3dd6814121d07c7606187b373d94148de44f2490404a3e6e47b5a56a0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 22:42

Target

3b3fe04c1b977de1b1ee2fb501d51f49.dll
Size

158KB
MD5

3b3fe04c1b977de1b1ee2fb501d51f49
SHA1

ddb9e118aaa77f71295f29864480fd0ff730c8d2
SHA256

93c1ddf3dd6814121d07c7606187b373d94148de44f2490404a3e6e47b5a56a0
SHA512

a5abe3df2d41b6a2680ff517b2c8128652f25efabb9d3b8ba688ea2ec41451d5de075119eed3b6636e6e0f0205b07817cf035865005fad1508a865466ab7775d
SSDEEP

1536:Yb5B0Y8rW7grpitsVMoncFuaHceNES9eVWZP9jeElpis7hEOCb7Z+pi:modrSYTVPcFPHceNuWP9LlppM7ZW

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17
PID 2136 wrote to memory of 2000	2136	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3b3fe04c1b977de1b1ee2fb501d51f49.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3b3fe04c1b977de1b1ee2fb501d51f49.dll
  2⤵
  PID:2000

memory/2000-0-0x0000000002120000-0x0000000002163000-memory.dmp

Filesize
268KB

Download