863b32c165b1ea6a76cc2cb2b1c48cb4fdf4dd788dfa70b6d71189c261ed3624

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 23:43

Target

4cc477972adea2a2e71df59d5658d34c.dll
Size

36KB
MD5

4cc477972adea2a2e71df59d5658d34c
SHA1

ca6dafa9d01c7ea881564b3ad0c774cb1f0a6bf1
SHA256

863b32c165b1ea6a76cc2cb2b1c48cb4fdf4dd788dfa70b6d71189c261ed3624
SHA512

272e3c255fa3e75fa00abd1a8915b1170b9aeac5f40f0238535701a2813737d55eec2869345938f9a57facc6f136db4a5ff212aa9a1c37f904eb773636ac77fd
SSDEEP

384:wd+k6d9hJyfICTl71+4v5mMugOApEqrL364vpLGYzRqM7jPY8WIHbu3sjFbdiU0D:6+v9horSZOESLq4v1tHLWwa3+bAP

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28
PID 2512 wrote to memory of 2136	2512	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4cc477972adea2a2e71df59d5658d34c.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4cc477972adea2a2e71df59d5658d34c.dll
  2⤵
  PID:2136

memory/2136-0-0x00000000001C0000-0x00000000001CE000-memory.dmp

Filesize
56KB

Download