9aa4530eca55a6676274a3d154f3d11f8bf04ec00345196a31f2ca23df7cd13a

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 03:18

Target

261d36674e26f3e1699d417487b94a74.dll
Size

126KB
MD5

261d36674e26f3e1699d417487b94a74
SHA1

bd5ae609977386d3aaed3c62b308dc01732e4d0f
SHA256

9aa4530eca55a6676274a3d154f3d11f8bf04ec00345196a31f2ca23df7cd13a
SHA512

32953eb882c660c598ccbdbaf650da7426251ee217aeb649fe9978c5c7b642f9bee84c38d2249ea0a6ec8eacfd254a40343bc2501f2f1085ddaac74039fc2e72
SSDEEP

3072:oMG/XLJdhEEQA8f6VDnF+TzWRAD6AuUJWRDMwf44VOOPH2qq9:LyBxQtIOCUJWSw9z

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16
PID 2928 wrote to memory of 1660	2928	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\261d36674e26f3e1699d417487b94a74.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\261d36674e26f3e1699d417487b94a74.dll
  2⤵
  PID:1660

memory/1660-0-0x0000000000230000-0x0000000000254000-memory.dmp

Filesize
144KB

Download