9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 20:19

Target

9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7.dll
Size

1.2MB
MD5

42c15072a8aa222a10d96311969aa77a
SHA1

a87e4a21996a4a35e0b96a19bcd0b6964d459378
SHA256

9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7
SHA512

d48489ac42670749e98a77469a35320621f0597fd2da70fd4407e86d283c62c7ccf8ce67b5a4e20208bd5fd8f826d082e5f6286719eb5a8b098a762abba77184
SSDEEP

24576:9KuyRQZ7taLNQyucw8VQ3QhCtGEiCefenQ83pZkBTz8GE652kt:d2eQob7Q+ZITzqIV

Score

1^/10

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe
PID 1564 wrote to memory of 2404	1564	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7.dll
  2⤵
  PID:2404