a632ec81ed26cb3c6c09dd875963e0c25d139e21e9052c3035718b9ffe7966f7

Analysis

max time kernel
122s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 14:32

Target

493b03cf78267c2adae63bcd1a46d8b8.dll
Size

140KB
MD5

493b03cf78267c2adae63bcd1a46d8b8
SHA1

7f38ba82ac70a76b488542e80c36694ddfb60b23
SHA256

a632ec81ed26cb3c6c09dd875963e0c25d139e21e9052c3035718b9ffe7966f7
SHA512

622d4691997d1eacfdbd03fd524f6de6671878f82524d39a60152e54a61bab34b48c492a3da43fb22bbee240b48e09ac6a97a057341d87bfe0db9f8fc56f6590
SSDEEP

1536:PdLoeq3OBg94N+FaNYLY8pENeJZDVU/Sx2YPhviKWrYZe1zkNuk2RdQzkSe3:PBo53OC4wFaNtxiZDkSdsrYrNukPzkt

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28
PID 2608 wrote to memory of 2580	2608	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\493b03cf78267c2adae63bcd1a46d8b8.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\493b03cf78267c2adae63bcd1a46d8b8.dll
  2⤵
  PID:2580

memory/2580-0-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download