45ad4fb2177e14dd7ba9dbde43662ce4b600fc549b70caba4a806f28da837ead

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:10

Target

376428343474a5e0faf06796c3c11143.dll
Size

116KB
MD5

376428343474a5e0faf06796c3c11143
SHA1

38e1da8cf3c3059699aa5e78573c44246cde436d
SHA256

45ad4fb2177e14dd7ba9dbde43662ce4b600fc549b70caba4a806f28da837ead
SHA512

208fd97ba9deee1669406a0a9b6992a891aeb74f546aa4f874359ff811fb5389edcb03aced7e411e3457b5968a5fd04019793e8d8ad95bb9ffbbe8db49dc8890
SSDEEP

768:bnzQoiSUqZOXQnSrovwCOCu2lqWfmw/1F/+w+A0BfNlSyEA0fOt5EMlj4u81Sq9C:bnzQvFqZWQBbHxewd0LlSyEcxq9C

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28
PID 2216 wrote to memory of 2892	2216	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\376428343474a5e0faf06796c3c11143.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\376428343474a5e0faf06796c3c11143.dll
  2⤵
  PID:2892

memory/2892-0-0x00000000001E0000-0x00000000001FD000-memory.dmp

Filesize
116KB

Download