94d3f4ddcab2d1c14580c9b45082fdc100f79c5a705fc80d536a5c52f7220b28

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 20:48

Target

41e08d760f814cf4e7b614c96b0fd352.dll
Size

210KB
MD5

41e08d760f814cf4e7b614c96b0fd352
SHA1

ccc19ccb27a4f9b2c4bbc84c2bb59beb2f13b6ed
SHA256

94d3f4ddcab2d1c14580c9b45082fdc100f79c5a705fc80d536a5c52f7220b28
SHA512

73535caa5845516f1232ddcef81903ebebf56a75ab822bf99169f96866fea340b3d0a33358dd09a292faa930e42c8dbb6863678c83da1cb98bc5c5c0f22f5012
SSDEEP

1536:Akfo7zOP9pkfo7zOP9pkfo7zOP9pkfo7zOP9pkfo7zOP9pkfo7zOP9pkfo7zOP9:WzC9TzC9TzC9TzC9TzC9TzC9TzC9

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28
PID 2236 wrote to memory of 1880	2236	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\41e08d760f814cf4e7b614c96b0fd352.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\41e08d760f814cf4e7b614c96b0fd352.dll
  2⤵
  PID:1880

memory/1880-0-0x0000000000130000-0x000000000013D000-memory.dmp

Filesize
52KB

Download