9de86e4618baac45021cdc2ee3f5c47a2bfe6039c5a768563781645a0f577d74

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:04

Target

2768fa021674bd8923d5b295fe68893a.dll
Size

82KB
MD5

2768fa021674bd8923d5b295fe68893a
SHA1

7d639fe03fbfb5efa7161cd893196c64cbb8615e
SHA256

9de86e4618baac45021cdc2ee3f5c47a2bfe6039c5a768563781645a0f577d74
SHA512

1acd235816edeaf5512cf51c817bf70eb47c494650ddda036d286af44bde96237f08ea3d59928e7e07edb66df139894fbd2980133102c26a56597b635ac11b5d
SSDEEP

1536:l41qnTQf6yPGa8aeDVrs42U/2g+fkGkd674daGrKHO2NvpBM:ldTxyOjxrsZnfkGkd6kdaNNRBM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28
PID 2868 wrote to memory of 1068	2868	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2768fa021674bd8923d5b295fe68893a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2768fa021674bd8923d5b295fe68893a.dll
  2⤵
  PID:1068

memory/1068-0-0x0000000000190000-0x00000000001AA000-memory.dmp

Filesize
104KB

Download