56be21c5082a79317b3f68d7be3560efea816cc4538e4adfa1e65d5e52d369e4

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 18:14

Target

543a98e52c92643a97f9d7c1a239d458.dll
Size

86KB
MD5

543a98e52c92643a97f9d7c1a239d458
SHA1

a3aa8f2f85b9cbf80de350ec7cdd917b7b9cdc55
SHA256

56be21c5082a79317b3f68d7be3560efea816cc4538e4adfa1e65d5e52d369e4
SHA512

3e4b3c9c08c75baebc762e7d42ae027f4ef154f95448ea9e5120576fb0f1bec14e4211ad86b8d00ae1c145f805a4f3ed377ab900fab6d4147566d84d8d91bb3a
SSDEEP

1536:W9xsiCuMoXcofAH9PEkdootRM68jtLua3CVenTulW+8ktQ+TYygVtCe6yIaKVNCL:W9XHMoMoGLdXtOdRLua3XTulZ8kttYya

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16
PID 1392 wrote to memory of 2032	1392	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\543a98e52c92643a97f9d7c1a239d458.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\543a98e52c92643a97f9d7c1a239d458.dll
  2⤵
  PID:2032

memory/2032-0-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download