11a0ee1ba5948b475235dafe62bebd52a1237af7403ddd9fbcb4df04a47a376c

Analysis

max time kernel
121s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 12:46

Target

4e56c0c6bf641c4dcf748de862f70778.dll
Size

168KB
MD5

4e56c0c6bf641c4dcf748de862f70778
SHA1

6847fd180f6f1a4fb2d8204fc442d6f8f7f138bd
SHA256

11a0ee1ba5948b475235dafe62bebd52a1237af7403ddd9fbcb4df04a47a376c
SHA512

5bfa089d9a1ac01827b6447f3b85353872e89b61b9becb8ddd8a90a25b310ecff3cf19a0107d8772748cc970cfae5ccfe5952de27f74e9410349c6c1b4ee532b
SSDEEP

3072:49MinoDYXKz2svIUHGnhcc7IQ1ZDcCeMveK0zUJqXqLFhvU/:491aqsvIUHGnhccsyYhgCz/XqLFh8/

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28
PID 1384 wrote to memory of 2332	1384	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\4e56c0c6bf641c4dcf748de862f70778.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\4e56c0c6bf641c4dcf748de862f70778.dll
  2⤵
  PID:2332