549b2aa8cb2a58008a95f44260f44f195de6953b20969b31b4f6e1ada05f5090

Analysis

max time kernel
118s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:18

Target

2d170d9d6d3d5c8ea3181f4d9f1d7c2a.dll
Size

47KB
MD5

2d170d9d6d3d5c8ea3181f4d9f1d7c2a
SHA1

c278cdfe5f755d104c4c6966c646d06119336f68
SHA256

549b2aa8cb2a58008a95f44260f44f195de6953b20969b31b4f6e1ada05f5090
SHA512

44d3be0faca4c1ed7c616cc68a14b88c94ec207c1ebf5038bfdb8c689c6c2813b09094a8a26c7fe110acb11c130a099db023f28d846af3893bc5d4b6841c0b20
SSDEEP

768:fFfC988UorriKTM5PgL3LvbQtSsiHCjMA4CTXs1jMyXrX87yPaxXewFQpOOx:fOaeooL3LvbQtSsiHCj/411Y8rX8uPa/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16
PID 2556 wrote to memory of 2980	2556	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2d170d9d6d3d5c8ea3181f4d9f1d7c2a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\2d170d9d6d3d5c8ea3181f4d9f1d7c2a.dll
  2⤵
  PID:2980

memory/2980-0-0x0000000000170000-0x0000000000181000-memory.dmp

Filesize
68KB

Download