1c784c1734d86a38d44860b96511ec43f4db14bbd4db812131502b4094b464d7

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 15:45

Target

50f88e3fbf6e263f93ce5f1a042ead26.dll
Size

43KB
MD5

50f88e3fbf6e263f93ce5f1a042ead26
SHA1

adf64ab5e6830e2f7e28680ce4120b9e4703797a
SHA256

1c784c1734d86a38d44860b96511ec43f4db14bbd4db812131502b4094b464d7
SHA512

ca4792396559392dcadca48c398cb7dee0161050e180d475a78a4460d7224c08aab20964d3aee03c4ab65927a647ff2f7c27a8c00751de98e2c48ad696757154
SSDEEP

768:Z88F+8S1Rh3eBh3mcu/v6Yysq/mD3cDCAPkVkFlW6dv4KydEsQb3JB:ZjS3U3mcu/AsJwJPkVok6dwFuB

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28
PID 1320 wrote to memory of 2172	1320	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\50f88e3fbf6e263f93ce5f1a042ead26.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1320
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\50f88e3fbf6e263f93ce5f1a042ead26.dll
  2⤵
  PID:2172

memory/2172-0-0x0000000000180000-0x0000000000190000-memory.dmp

Filesize
64KB

Download