6571869a8f478ae1e711475c298aaf8e9f89d7700859b72068d1a3faff6d5063

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 21:18

Target

3de94cef2aff1754097f372330c067c5.dll
Size

30KB
MD5

3de94cef2aff1754097f372330c067c5
SHA1

7d178ce88019518616607588187c65138a888f23
SHA256

6571869a8f478ae1e711475c298aaf8e9f89d7700859b72068d1a3faff6d5063
SHA512

7ef62eddd48d9ee0bc204abf8a2b2c859c12aae401149a804e6a17a1c73097bfd8424abb3a7c19b0898e0b7dd74a6d686d905d9712c10324845e9846a25e3d65
SSDEEP

384:BByuzek/ySFy8JXbV5IEj0M/mR0HIPuncBbsVlWokLeb4VJ34C4AzdDP7kFyqf:NM8JXbV5N0/R0HI1ZsHW1yYjdDP0yk

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15
PID 1488 wrote to memory of 2700	1488	regsvr32.exe	15

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3de94cef2aff1754097f372330c067c5.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\3de94cef2aff1754097f372330c067c5.dll
  2⤵
  PID:2700

memory/2700-0-0x0000000000430000-0x000000000043D000-memory.dmp

Filesize
52KB

Download