6b638663b7b806e0b5210b5814101fb9df3fcd44d7639d8a59875073f402601f

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:46

Target

3a402724b292d3f9b775f987dc9f22ad.dll
Size

87KB
MD5

3a402724b292d3f9b775f987dc9f22ad
SHA1

51f70094e8ec9b7411d2526be3936a5003ba66fd
SHA256

6b638663b7b806e0b5210b5814101fb9df3fcd44d7639d8a59875073f402601f
SHA512

5a77cf44e5597fe4dc34875223c81b581ae873073fd39955c8c6794624599f99f22b710c347107142ef712cb4fd3950f94afa2ef94c418a8e13bea5805679695
SSDEEP

1536:DmLUMHPq5ZluIE3gHMDyaqnON9DDcOcRFl6Bq8QqRUYcIDbiMfZhegHd:DBiPqZkIkG2MnScOcRFQq8QCikV8Gd

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28
PID 1936 wrote to memory of 2408	1936	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3a402724b292d3f9b775f987dc9f22ad.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3a402724b292d3f9b775f987dc9f22ad.dll
  2⤵
  PID:2408

memory/2408-0-0x00000000001B0000-0x00000000001F3000-memory.dmp

Filesize
268KB

Download