4cbefdf89e7cb5b0bea4155e03301db36b71dae1d98439062c11859e90ab486c

Analysis

max time kernel
121s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:43

Target

387a19419ef4244e5b4d3294759f9454.dll
Size

158KB
MD5

387a19419ef4244e5b4d3294759f9454
SHA1

ec9e9ff8afb0aeaaee2f971db9ecf6a07e2eae76
SHA256

4cbefdf89e7cb5b0bea4155e03301db36b71dae1d98439062c11859e90ab486c
SHA512

d031a9d86e71a92efecb4904a015b5e7776d0e9f1c331bb34a09af72d81bbea01d098683d23d5c0f83489b4c3c25510fc1c4415510c3900e2c949c6536ab6464
SSDEEP

1536:slHDW+kZ2CH0MJgZ3rvll39S3ztIEU9SANWnpFR/Hrg531SKRidLkh:ss+DCTmZ5ZAtIEJ7v8h1SM

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28
PID 2872 wrote to memory of 2876	2872	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\387a19419ef4244e5b4d3294759f9454.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\387a19419ef4244e5b4d3294759f9454.dll
  2⤵
  PID:2876

memory/2876-0-0x00000000001B0000-0x00000000001F8000-memory.dmp

Filesize
288KB

Download
memory/2876-1-0x00000000001B0000-0x00000000001F8000-memory.dmp

Filesize
288KB

Download