8f734c69f47bd3da97ba7d573111bd3a0c402d4a8684983597bed24f898ea287

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 08:26

Target

5012dbb1187389ccc6b73f94170a4a29.dll
Size

126KB
MD5

5012dbb1187389ccc6b73f94170a4a29
SHA1

b913e9e632ceb0f5d64eb75884d0e127e14ab138
SHA256

8f734c69f47bd3da97ba7d573111bd3a0c402d4a8684983597bed24f898ea287
SHA512

f897fc8264834375b96e6a67a181487fff4bc331a769f75e0569d1fecefc0c142e666c5b33f7488b286db5219c31a54572f667bd108f588586bdacde943c6be5
SSDEEP

1536:skfbpOWtEWfukfbpOWtEWfukfbpOWtEWfukfbpOWtEWf:jpbtZ9pbtZ9pbtZ9pbtZ

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17
PID 2412 wrote to memory of 2132	2412	regsvr32.exe	17

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\5012dbb1187389ccc6b73f94170a4a29.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\5012dbb1187389ccc6b73f94170a4a29.dll
  2⤵
  PID:2132

memory/2132-0-0x00000000000C0000-0x00000000000CD000-memory.dmp

Filesize
52KB

Download